Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] Password Encryption
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Fri, 12 Jul 2002 09:17:11 +0200
  • Message-id: <20020712091711.F2776@xxxxxxxxx>
* Reckhard, Tobias wrote on Thu, Jul 11, 2002 at 11:00 +0200:
> > Yes, this is called a collision. With the crypt algorithm, which
> > produces 56 bit results, every 72,057,594,037,927,936th (==2^56)
> > password gets the same hash value. With other words, if you
>
> I think you're forgetting about the birthday paradox. See
> http://www.rsasecurity.com/rsalabs/faq/2-4-6.html for some information on
> attacks against hash functions.

No, I don't. you cannot apply the birthday fact (I don't think
it's paradox) here, since the value you need to get in a
collision is given (since this is the value stored in shadow). It
doesn't help to get any collision, here you need the right one.

> [salt]
> > typical MD5 "crypts" use much larger ranges). The value is taken
> > by random. So every password has 4096 possible results. To be
> > able to decrypt, the salt itself is stored in plain as the first
> > two bytes of the password "hash". So for a million words you
> > would need 4 billion precalculated hashes.
>
> However, since the salt is stored in plaintext in the shadow file, if you
> get that, the advantage of salt disappears.

That is incorrect. Of course you cannot precalculate exactly the
salts that you will find later (at least this is not possible if
we assume time as going forward only :)).

(I think this thread is getting boring.)


oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >
References