SuSE 9.2 creates encrypted volumes without salting the password/key. While this is not a problem for long binary keys, it simplifies a dictionary attack against shorter ASCII keys.
man losetup says:
-S pseed Sets encryption password seed pseed which is appended to user supplied password before hashing. Using different seeds for different partitions makes dictionary attacks slower but does not prevent them if user supplied password is guessable.
&:-)
Hello. Thank you for this hint. I'll forward it.
On Fri, Feb 25, 2005 at 10:59:33AM +0200, 2005 wrote:
> SuSE 9.2 creates encrypted volumes without salting the password/key. While this is not a problem for long binary keys, it simplifies a dictionary attack against shorter ASCII keys.
> man losetup says:
> -S pseed Sets encryption password seed pseed which is appended to user supplied password before hashing. Using different seeds for different partitions makes dictionary attacks slower but does not prevent them if user supplied password is guessable.
> &:-)
--
Bye, Thomas
--
Thomas Biege <thomas@suse.de>, SUSE LINUX AG, Security Support & Auditing
--
Imagine there's no countries, It isn't hard to do, Nothing to kill or die for, No religion too, ...
-- John Lennon (Imagine Lyrics)
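The effect discussed in this thread, as an added example that is not part of the original messages: an audit of which volume keys fall to a single shared precomputed table when no seed is used, and what per-volume seeds change. SHA-256, the volume names, seeds and wordlist are assumptions made for illustration; the thread does not say which hash losetup applies.

```python
import hashlib

# Constructed sample data (not from the thread).
WORDLIST = ["letmein", "password", "suse9.2"]
VOLUMES = {  # name -> (password, seed); empty seed = unsalted, as reported for SuSE 9.2
    "home": ("letmein", ""),
    "backup": ("letmein", ""),
    "home_seeded": ("letmein", "seed-A"),
    "backup_seeded": ("letmein", "seed-B"),
    "strong": ("k7#Qz!v9Lr2@xW4m", ""),
}

def derive_key(password, seed=""):
    # The seed is appended to the password before hashing, as the quoted man page says.
    # SHA-256 is a stand-in hash (assumption).
    return hashlib.sha256((password + seed).encode("utf-8")).digest()

def precompute(wordlist, seed=""):
    """Build a key -> password table for one specific seed."""
    return {derive_key(word, seed): word for word in wordlist}

def audit(volumes, wordlist):
    """Report, per volume, how much work a dictionary search would need."""
    shared_table = precompute(wordlist)  # built once, valid for every unseeded volume
    first_owner = {}                     # key -> first volume seen using that key
    findings = {}
    for name, (password, seed) in volumes.items():
        key = derive_key(password, seed)
        findings[name] = {
            # True: the one shared table already contains this volume's key.
            "covered_by_shared_table": key in shared_table,
            # True: still found, but only with a table built for this seed alone.
            "guessable_with_per_seed_table": key in precompute(wordlist, seed),
            # Another volume with the identical key (same password, same seed).
            "same_key_as": first_owner.get(key),
        }
        first_owner.setdefault(key, name)
    return findings

if __name__ == "__main__":
    for volume, result in audit(VOLUMES, WORDLIST).items():
        print(volume, result)
```

The seeded volumes drop out of the shared table and no longer share a key with each other, but a guessable password is still found once a table is built for that volume's seed, which is the limit the man page text states.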