Salts: 4096 (64x64) Passwords input,,1,2,3,4,5,6,7,8,9 a-z,26,106496,2768896,71991296,1871773696,48666116096,1.26532E+12,3.28983E+1 3,8.55356E+14,2.22392E+16 "a-z, A-Z",52,212992,11075584,575930368,29948379136,1.55732E+12,8.09804E+13,4.2109 8E+15,2.18971E+17,1.13865E+19 "a-z, A-Z, 0-9",62,253952,15745024,976191488,60523872256,3.75248E+12,2.32654E+14,1.4424 5E+16,8.94321E+17,5.54479E+19 "a-z, A-Z, 0-9, shift0-9",72,294912,21233664,1528823808,1.10075E+11,7.92542E+12,5.7063E+14,4 .10854E+16,2.95815E+18,2.12987E+20 "a-z, A-Z, 0-9, shift0-9, punctuation",94,385024,36192256,3402072064,3.19795E+11,3.00607E+13,2.82571E+ 15,2.65616E+17,2.49679E+19,2.34699E+21 terrabyte: 1E+12,1E+12,1.06496E-07,2.7689E-06,7.19913E-05,0.001871774,0.048666116,1.265 319018,32.89829448,855.3556565,22239.24707 ,,2.12992E-07,1.10756E-05,0.00057593,0.029948379,1.557315715,80.98041718,421 0.981694,218971.0481,11386494.5 ,,2.53952E-07,1.5745E-05,0.000976191,0.060523872,3.75248008,232.653765,14424 .53343,894321.0725,55447906.49 ,,2.94912E-07,2.12337E-05,0.001528824,0.110075314,7.925422621,570.6304287,41 085.39087,2958148.142,212986666.2 ,,3.85024E-07,3.61923E-05,0.003402072,0.319794774,30.06070876,2825.706623,26 5616.4226,24967943.72,2346986710 So a password of 6 characters using only a-z would require ~1.2 terrabytes to store it, not to bad. A password of 6 characters with a-z, A-Z, 0-9 would require ~230 terrabytes (poetic license taken for database storage/indexes/compression/etc). The moral of the story: you need to protect the password file, since an attacker can glean the salt used from it, reducing their workload considerably (by a factor of 4096). You also need to make users choose strong passwords, if they choose a word you are probably up the creek, taking a dictionary with 4 million words (ie almost all words, names, etc, including foriegn languages) and you can hit a lot of passwords, tests I have seen usually 1-5% of passwords are set to the username, system default, or somehting like "password", meaning an attacker can get their foot in the door easily. The "problem" with crypt is it is relatively "cheap" to run through combinations/etc. MD5 and Blowfish provide a much stronger one way hash and the attacker will need a lot more time to generate a lookup database or brute force them. I.e. it mush less harmful if someone steals the /etc/shadow from my OpenBSD box (which uses blowfish) as opposed to a crypt'ed password file off a SuSE box. Now I need to eat breakfast. Kurt Seifried SecurityPortal, your focal point for security on the net http://www.securityportal.com/
Kurt Seifried wrote:
So a password of 6 characters using only a-z would require ~1.2 terrabytes to store it, not to bad. A password of 6 characters with a-z, A-Z, 0-9 would require ~230 terrabytes (poetic license taken for database storage/indexes/compression/etc).....
Kurt, I had difficulty trying to understand your presentation. Thanks for inspiring me to attempt to understand this stuff more thoroughly. Please take a look at my analysis of the situation. Do I have it right? Uncompressed I get storage costs 20-times greater than the figure given above. This is rather a large amount for clear-text password strings of strictly six characters? I'm surprised - consider password strings of eight characters! Am I making some fundemental errors in my analysis?
......... The moral of the story: you need to protect the password file, since an attacker can glean the salt used from it, reducing their workload considerably (by a factor of 4096)....
In fact, if the attacker is not in possession of the encrypted form of the password, the system on which the password is held MUST be used to do the password lookups. This not generally practicle.
....... You also need to make users choose strong passwords, if they choose a word you are probably up the creek, taking a dictionary with 4 million words (ie almost all words, names, etc, including foriegn languages) and you can hit a lot of passwords, tests I have seen usually 1-5% of passwords are set to the username, system default, or somehting like "password", meaning an attacker can get their foot in the door easily.
The "problem" with crypt is it is relatively "cheap" to run through combinations/etc. MD5 and Blowfish provide a much stronger one way hash and the attacker will need a lot more time to generate a lookup database or brute force them. I.e. it mush less harmful if someone steals the /etc/shadow from my OpenBSD box (which uses blowfish) as opposed to a crypt'ed password file off a SuSE box. Now I need to eat breakfast.
As you say, when the attacker is in possession of the encrypted form, a great encryption algorithm is of very little help if the password is weak. Schemes which allow the use of phrases, and which tend break the eight-character limitation of "crypt" passwords are to encouraged. Strong passwords are essential no matter which algorithm is used. Cheers - Les Catterall Given: (1) The salt is a two-character string taken from the set of 64 characters, [a-zA-Z0-9./]. => There are 4096 permutations of the salt (ie. 64^2). (2) Iff the clear-text password is strictly a six-character string taken from the set of 62 characters, [a-zA-Z0-9]. => There are 5.68E+10 permutations of the clear-text string (ie. 62^6). As Kurt points out, we could choose from a set of 94 characters, and we could require the use of strictly eight-character strings for the clear-text password. This would yield 94^8 permutations (ie. 6.1E+15 permutations) of the clear-text string. (3) From (1) and (2) there are (64^2)*(62^6) permutations of the combined salt and clear-text string: => 4096 * 5.68E+10 permutations = 2.33E+14 permutations (or 233E+12 ~230 TerraPermutations) Or using strictly eight-character clear-text password strings: => 4096 * 6.1E+15 permutations = 2.5E+19 permutations (4) Now the clear-text string and salt are input to "crypt", and these are used to produce the remaining 11 characters of the encrypted password. For our brute force lookup table involving strictly six-character clear-text passwords, we are going to need 2.33E+14 entries each of 20 characters: => salt(2)+encrypted(11)+clear-text(6)+record-seperator(1) (5) Thus the uncompressed storage requirements for our lookup table of strictly six-character passwords is: => 20 * 233E+12 characters ~ 4600 Terrabytes (assuming one character per byte - uncompressed). Anyone care to guess the 8-character password that yields the following encrypted form: tWKkoqoSYcJ0k Hint: I used "crypt" to encrypt it, and drew the password from the 94-character set [a-zA-Z0-9]+[punctuation]. That's a zero in the encrypted string not an 'Oh'.
Hi all, On 18-Aug-00 Kurt Seifried wrote:
Salts: 4096 (64x64)
Passwords input,,1,2,3,4,5,6,7,8,9 ... What you had to do in a "mixed" network. I mean, when you have some HP running HP-UX, some SGI running IRIX: in which way i can easily add users to all (or some) systems, when I couldn't use copy and paste for the password (because other systems then my linux boxes) use only crypt (I'm not sure about that)?
I hope, that your breakfast is done ;-) regards Ralf Eisinger ------------------- IHS - University of Stuttgart, Germany Pfaffenwaldring 10 70150 Stuttgart Phone: (0049)-711-685-3201
What you had to do in a "mixed" network. I mean, when you have some HP running HP-UX, some SGI running IRIX: in which way i can easily add users to all (or some) systems, when I couldn't use copy and paste for the password (because other systems then my linux boxes) use only crypt (I'm not sure about that)?
Make everyone use the same thing obviously if you want to do it that way. Or use NIS/NIS+, that'll keep it all in synch to. Or centrally authenticate, LDAP for example, there are PAM modules to do this, ditto for SAMBA based auth and a few other methods.
I hope, that your breakfast is done ;-)
Unfortunately I always forget to eat breakfast, even with a large sign on my wall to remind me :P.
regards
Ralf Eisinger
Kurt Seifried SecurityPortal, your focal point for security on the net http://www.securityportal.com/
participants (3)
-
Kurt Seifried -
Les Catterall -
Ralf Eisinger