It's not a matter of a 10th of a second versus several days. If you use MD5, or an even better algorithm, it's the difference between a 10th of a second and a couple of years at the very least (or even centuries, if we ignore technological advances). A 10th of a second is a big problem, and a couple of days is not significantly better of course. But after a couple of years any sensible person would have changed their password, and after a couple of centuries most people would be dead anyway.
I don't understand that. If someone has your password file he can start a dictionary attack. Is there any difference encrypting words in crypt or MD5 and comparing the result to passwd?
In my eyes, Robert is right and the initial statement (10th of second vs. centuries) is wrong (in the case of dictionary attacks). The only speed difference can be found in the speed difference of the crypt() vs. the MD5 algorithm. So the above statement implies that the MD5 algorithm is 10^n (n >> 1000000) slower than crypt's, which I don't believe. Anyway, if you have somebody on your system that can steal the /etc/shadow file (which is only accessible by root) then your system is already lost. my cent Emmerich
Hi! On Wed, 16 Aug 2000 emm@eggler.ch wrote:
In my eyes, Robert is right and the initial statement (10th of second vs. centuries) is wrong (in the case of dictionary attacks). The only speed difference can be found in the speed difference of the crypt() vs. the MD5 algorithm. So the above statement implies that the MD5 algorithm is 10^n (n >> 1000000) slower than crypt's, which I don't believe.
From days to months is not a factor of 10^1000000. Even from a few days to a couple of centuries is more like a factor of about 10^4 or 10^5. I have not benchmarked MD5 myself, but eks-blowfish can easily be made much slower than that without bothering the regular user.
Also the way salt (and, if applicable, cost) are used in some algorithms dramatically increases the time needed by a cracker as compared to crypt().
Anyway, if you have somebody on your system that can steal the /etc/shadow file (which is only accessible by root) then your system is already lost.
Not necessarily (see the logs of CERT and Bugtraq), but of course it is best to have /etc/shadow untouched.

Cheers! Yuri.

--------------------------------------------------------------------------
drs. Yuri Robbers                    phone : +31-71-527-4966
Leiden University                    fax   : +31-71-527-4900
Institute for Theoretical Biology    email : robbers@rulsfb.leidenuniv.nl
Kaiserstraat 63
2311 GP Leiden                       PGP 5.0 public key available:
the Netherlands                      Check your favourite hkp server.
--------------------------------------------------------------------------
You people really have short memories. Xlockmore exposed the shadow file (even on OpenBSD). There have been various core dump issues with privileged programs that expose /etc/shadow..... etc. Kurt
Kurt Seifried wrote:
You people really have short memories. Xlockmore exposed the shadow file (even on OpenBSD). There have been various core dump issues with privileged programs that expose /etc/shadow..... etc.
Kurt
What is xlockmore? On my systems, I didn't find it (yet). Is it part of a root kit or just a bad example of a lock program for X? --emmerich
Kurt Seifried wrote:
You people really have short memories. Xlockmore exposed the shadow file (even on OpenBSD). There have been various core dump issues with privileged programs that expose /etc/shadow..... etc.
Kurt
What is xlockmore? On my systems, I didn't find it (yet). Is it part of a root kit or just a bad example of a lock program for X?
xlock is an x screensaver locker thingy for X. Mandrake had it, TurboLinux had it, NetBSD, OpenBSD interestingly enough just put out a thing saying there is a string vulnerability. The problem was xlock could crash and expose /etc/shadow. There are many other incidents as pointed out where programs have had flaws allowing an attacker to cause it to core dump with passwords/etc in the core dump. Relying on /etc/shadow to be impenetrable is RETARDED. IT ISN'T. If it's on the filesystem attackers will find a flaw in something that allows them to get at it. Security is about risk management. Using /etc/shadow is good risk management because it makes it significantly harder for most attackers to get ahold of the passwords. Using MD5 or Blowfish instead of crypt is additional risk management, and a good idea in general.
--emmerich
-Kurt
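A defender-side check that follows from the thread, added here as an example and not code from any of the posters: it reads /etc/shadow-style lines, identifies which crypt(3) scheme each account uses from the hash prefix, reports the eks-blowfish cost where present, and flags accounts still on traditional crypt. The sample entries and the function names `classify` and `audit` are constructed for illustration, and the `$5$`/`$6$` prefixes go beyond the schemes named in the thread.

```python
import re

# Constructed sample in /etc/shadow layout; the hash fields are made up.
SAMPLE_SHADOW = """\
root:$2a$08$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234:11185:0:99999:7:::
alice:$1$Xy3kPq9z$abcdefghijklmnopqrstuv:11185:0:99999:7:::
bob:ab1234567890A:11185:0:99999:7:::
daemon:*:11185:0:99999:7:::
carol:!$1$Qw8rTy2u$abcdefghijklmnopqrstuv:11185:0:99999:7:::
"""

DES = "traditional DES crypt"
# crypt(3) hash formats are recognisable by their prefix.
SCHEMES = [
    (re.compile(r"^\$2[abxy]?\$(\d\d)\$"), "eks-blowfish (bcrypt)"),
    (re.compile(r"^\$1\$[^$]{1,8}\$"), "MD5-crypt"),
    (re.compile(r"^\$5\$"), "SHA-256-crypt"),
    (re.compile(r"^\$6\$"), "SHA-512-crypt"),
    (re.compile(r"^[./A-Za-z0-9]{13}$"), DES),  # 2-char salt + 11-char hash
]

def classify(field):
    """Return (scheme, log2_cost) for one shadow password field."""
    stored = field.lstrip("!")          # leading '!' marks a locked account
    if stored in ("", "*"):
        return ("no password hash", None)
    for pattern, name in SCHEMES:
        m = pattern.match(stored)
        if m:
            # bcrypt stores its cost in the hash string as log2 of the rounds.
            cost = int(m.group(1)) if m.groups() else None
            return (name, cost)
    return ("unrecognised", None)

def audit(shadow_text):
    """Classify every account; flag traditional crypt, which the thread advises replacing."""
    findings = []
    for line in shadow_text.splitlines():
        if ":" not in line:
            continue
        user, field = line.split(":")[:2]
        scheme, cost = classify(field)
        findings.append({"user": user, "scheme": scheme, "cost": cost,
                         "locked": field.startswith("!"), "weak": scheme == DES})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_SHADOW):
        print(f)
```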
participants (3): emm@eggler.ch, Kurt Seifried, Yuri Robbers