Re: passwd hashing algorithm

Timothy Newsham (newsham@aloha.net)
Fri, 21 Apr 1995 20:16:11 -1000 (HST)

> My replies have always been in the context of what Shadow does for long
> passwords.  Yes, there has been some confusion in this thread.  I was, uh,
> quite shocked to see what David Wagner was really talking about because
> it is pretty obvious that it has security problems.  Essentially, it
> removes the 1:1 cleartext to ciphertext relationship that some of us feel
> crypt() has.  I don't know what the new relationship is, but it's probably
> GodAwfulLarge to 1.  Once you assume that there are GodAwfulMany passwords
> which yield the same result, the 2^56 brute force attack is much easier.

The posted data just shows that two strings with differing salts
can hash to the same value (without the salt).  This doesn't buy
you anything since the salt is used in the compare when doing
authentication.  The post did not show that two passwords can
hash to the same value while using the same salt (and it doesn't
show that it can't either).

Your second statement (...but it's probably ...) seems to be based
on nothing but pessimism.

> John F. Haugh II  [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
> Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ]   @'s: jfh@rpp386.cactus.org

                                     Tim N.
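
The point made in the reply above, as an added example that is not part of the original message: a match between two hashes after the salts are stripped does not let either password authenticate against the other entry, because the stored salt takes part in the compare. `toy_crypt`, `verify`, `find_cross_salt_collision` and `demo` are hypothetical names, and the hash is a truncated SHA-256 stand-in chosen so a collision is quick to find; it is not the DES-based crypt() algorithm.

```python
import hashlib
import hmac
import itertools

HASH_CHARS = 4  # deliberately tiny (16 bits) so a collision turns up quickly

def toy_crypt(password, salt):
    """Stand-in for crypt(3), NOT the real DES-based algorithm.
    Like crypt(), the result is the 2-character salt followed by the hash."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest[:HASH_CHARS]

def verify(candidate, stored):
    """Authenticate the way a crypt()-style check does: take the salt from
    the stored entry, rehash the candidate with it, compare the whole string."""
    salt = stored[:2]
    return hmac.compare_digest(toy_crypt(candidate, salt), stored)

def find_cross_salt_collision(salt_a, salt_b):
    """Find pw_a, pw_b whose hashes match once the salts are stripped,
    where pw_b does not also collide under salt_a (cross-salt only)."""
    seen = {}  # hash under salt_a -> password that produced it
    for i in itertools.count():
        pw = f"pw{i}"  # constructed candidate strings
        h_a = toy_crypt(pw, salt_a)[2:]
        h_b = toy_crypt(pw, salt_b)[2:]
        if h_b in seen and h_a != h_b:
            return seen[h_b], pw
        seen[h_a] = pw

def demo(salt_a="ab", salt_b="cd"):
    pw_a, pw_b = find_cross_salt_collision(salt_a, salt_b)
    entry_a = toy_crypt(pw_a, salt_a)
    entry_b = toy_crypt(pw_b, salt_b)
    return {
        "hash_parts_equal": entry_a[2:] == entry_b[2:],  # what the posted data showed
        "entries_equal": entry_a == entry_b,             # salts differ, so entries differ
        "a_logs_in_as_a": verify(pw_a, entry_a),
        "b_logs_in_as_a": verify(pw_b, entry_a),         # rehashed with salt_a: no match
    }

if __name__ == "__main__":
    print(demo())
```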