Re[2]: [suse-security] Password Encryption
Hello Peer, Tuesday, July 9, 2002, 3:37:02 PM, you wrote:
but many systems are not clean and then the cracker hasn't any chance to crack the shadow-file, if the passwords are encrypted by des3 or aes.
PS> even des3 and aes are "crackable". it's important to not be able to derive PS> the password from the encrypted string, which means you need one-way hash PS> functions like md5, sha, or whatever you like (sha is considered more secure PS> than md5). if there really is an attack against the md5-algorithm (with real PS> i mean useable agains real live systems) then we're all in big big trouble. PS> most weaknesses of an algorithm are theoratically and [mostly] unuseable PS> against real live systems. password encryption : - the cleartext password is hashed by md5 - this hash-value is the key for DES encryption of the password is that right ? password cracking : - DES can only be cracked by a brute force attack, because there is no way to crack the s-boxes. - to crack DES, means to find the 56 bit long key. - the cracker has 2^56 different keys, and only one is the right - he has the encrypted password, the algorithm and the way to encrypt passwords, then he tests all 2^56 different keys and compares it with the value of the shadow-file, one key shows the cleartext password - it is possible to find this one key in a realistic time triple DES needs a 112 bit key - the cracker has 2^112 different keys - to find the right key is not (perhaps by the nsa ?, nobody knows it) possible is a realistic time --> triple des in NOT crackabe AES needs a 128 bit key - the cracker has 2^128 different keys and this is also not possible (for the next .. years)
and these algorithms are the state of the art
PS> not 3des or des3 (it's the same) - it's not state of the art, although it's PS> widely used. (it's just des 3 times with 2 different keys (there are 3 PS> possible ways to use the keys: 1-1-2, 1-2-1, 2-1-1), which equals a PS> key-length of 112 bits which is somewhat weak). it is used because of its PS> speed for session-keys, not for passwords. and this is the cause of trible DES and AES are state of the art, and because triple DES is not crackable many distributions use this algorithm.
christian
p.s. : it exits a attack against md5, but i can't describe details at the moment, i ask my prof.
PS> i really want to know more about this attack. please ask your professor and PS> post the details ;-) PS> regards, PS> stefan i try christian __________________________________________________ Gestalte Dein eigenes Handy-Logo unter http://www.yesms.de Ihre eMails auf dem Handy lesen - ohne Zeitverlust - 24h/Tag eMail, FAX, SMS, VoiceMail mit http://www.directbox.com
password cracking : - DES can only be cracked by a brute force attack, because there is no way to crack the s-boxes. - to crack DES, means to find the 56 bit long key. - the cracker has 2^56 different keys, and only one is the right - he has the encrypted password, the algorithm and the way to encrypt passwords, then he tests all 2^56 different keys and compares it with the value of the shadow-file, one key shows the cleartext password
There's a misconception here. People seem to believe that some magic key is used to encrypt the password. This is wrong. It's not the password that gets encrypted. The password is used to encrypt the salt (the two characters the come first in the password field in /etc/shadow). So the key _is_ the password - and there are much more efficient ways to brute forcing passwords using e.g. dictionary attacks. Check out john the ripper (there's a suse package for it called john I think). Choosing a good password hashing algorithm isn't just a question of key size. It's a question of speed, too. Fast algorithms are bad. Slow algorithms are better. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
participants (2)
-
"Christian Röpke" -
Olaf Kirch