RE: [suse-security] Password Encryption
From: "Christian Röpke" [mailto:christian.roepke@directbox.com]
i know, that it is very important to hold my system clean.
yepp :)
but many systems are not clean and then the cracker hasn't any chance to crack the shadow-file, if the passwords are encrypted by des3 or aes.
even des3 and aes are "crackable". it's important to not be able to derive the password from the encrypted string, which means you need one-way hash functions like md5, sha, or whatever you like (sha is considered more secure than md5). if there really is an attack against the md5-algorithm (with real i mean usable against real live systems) then we're all in big big trouble. most weaknesses of an algorithm are theoretical and [mostly] unusable against real live systems.
and these algorithms are the state of the art
not 3des or des3 (it's the same) - it's not state of the art, although it's widely used. (it's just des 3 times with 2 different keys (there are 3 possible ways to use the keys: 1-1-2, 1-2-1, 2-1-1), which equals a key-length of 112 bits which is somewhat weak). it is used because of its speed for session-keys, not for passwords.
christian
p.s. : there exists an attack against md5, but i can't describe details at the moment, i ask my prof.
i really want to know more about this attack. please ask your professor and post the details ;-)
regards,
stefan
Hi!
--On Tuesday, 9 July 2002 15:37 +0200 Peer Stefan <stefan.peer@tiwag.at> wrote:
[...]
p.s. : there exists an attack against md5, but i can't describe details at the moment, i ask my prof.
i really want to know more about this attack. please ask your professor and post the details ;-)
I forgot to post this to the list:

---------- Forwarded Message ----------
Date: Tuesday, 9 July 2002 15:50 +0200
From: Bastian Schmick <schmick@nue.et-inf.uni-siegen.de>
To: Christian Röpke <christian.roepke@directbox.com>
Subject: Re: [suse-security] Password Encryption

Hi!
--On Tuesday, 9 July 2002 15:14 +0200 Christian Röpke <christian.roepke@directbox.com> wrote:
[...]
p.s. : there exists an attack against md5, but i can't describe details at the moment, i ask my prof.
In 1996 a German researcher found a way to produce "collisions" in the compression function of MD5 (in about 10 hours on a 100 MHz Pentium I), but IIRC could not extend this attack to the full algorithm. Details are here:

<http://www.rsasecurity.com/rsalabs/faq/3-6-6.html>
<ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdf>
<http://www.informatik.uni-mannheim.de/informatik/pi4/projects/Crypto/rgp/md5/dobbertin.ps>

This is a serious academic weakness of the algorithm, but surely nothing to worry about in practical applications. Attackers who have the required resources for this kind of attack will certainly be able to find completely different ways to compromise the security of your Linux box.

By the way: The same goes for DES. There has been no practical attack against the structure of the cipher. It is simply outdated, because a) it is very slow in software and b) its key size is far too small to protect against brute force attacks with today's computing power (I guess that's what you meant with "attack"). Still, you need a considerable amount of computation to break DES and attackers might just as well find different ways to break into your system.

Hope this helps.

Greetings,
Bastian.

---------- End Forwarded Message ----------
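An added example, not part of any message in this thread: a small audit that names the crypt(3) scheme behind each password field of a shadow file and reports accounts still on DES-based crypt, which inherits the small DES key size discussed above. The sample lines, the function names and the default `flagged` set are assumptions of this example; the hash bodies are constructed filler, not real hashes.

```python
import re

# crypt(3) identifiers found in the second field of /etc/shadow.
PREFIXES = [
    ("$1$", "md5crypt"),
    ("$2a$", "bcrypt"), ("$2b$", "bcrypt"), ("$2y$", "bcrypt"),
    ("$5$", "sha256crypt"),
    ("$6$", "sha512crypt"),
    ("$y$", "yescrypt"),
]
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # 2-char salt + 11-char hash


def classify(field):
    """Name the scheme behind one shadow password field."""
    if field == "":
        return "empty"                      # login without a password
    body = field.lstrip("!")                # leading '!' marks a locked password
    if body in ("", "*"):
        return "locked"
    for prefix, name in PREFIXES:
        if body.startswith(prefix):
            return name
    if DES_CRYPT.fullmatch(body):
        return "descrypt"
    return "unknown"


def audit(shadow_text, flagged=("descrypt", "empty", "unknown")):
    """Return (user, scheme) for every account whose scheme is in `flagged`."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue                        # malformed line, no password field
        scheme = classify(parts[1])
        if scheme in flagged:
            findings.append((parts[0], scheme))
    return findings


# Constructed sample: hash bodies are filler of the right length, not real hashes.
SAMPLE = "\n".join([
    "root:$6$constructedsalt$" + "A" * 86 + ":19000:0:99999:7:::",
    "alice:$1$constsal$" + "B" * 22 + ":11877:0:99999:7:::",
    "legacy:ab" + "C" * 11 + ":11877:0:99999:7:::",
    "daemon:*:11877:0:99999:7:::",
    "guest::11877:0:99999:7:::",
])
```

Calling `audit(SAMPLE)` lists the `legacy` and `guest` accounts; pass a different `flagged` tuple to widen or narrow the policy.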
participants (2)
- Bastian Schmick
- Peer Stefan