Re: How good an encryption algorithm is this?


From: RoyFine (rlfine_at_obfuscate.net)
Date: 11/24/04


Date: Wed, 24 Nov 2004 10:46:43 -0500

bonj

as we move into definitions, we must be a bit more careful - so i set the
stage first.

consider a database table that has encrypted passwords (not simple xor
mapping encryption, but a one-way hash of the password). if i look at the
encrypted password values, it seems like just so much muddle to me. but in
my spare time, i hash 5 million or so common passwords (in prior spare time,
i wrote a program to generate these) and i save the hashed value with the
plaintext. then i look in your password table, and i just might find a few
values there that are the same as the ones that i computed - if we used the
same algorithm to hash, then i have just discovered a few passwords. this
is a dictionary attack (using my dictionary of plaintext trial passwords and
the corresponding hash)! the literature suggests that with today's computer
power, these sorts of attacks are trivial and you can break an entire
password file of a hundred or so in just minutes.

Enter *Salt* - salt is a random string that is concatenated with the
plaintext password before you run it through the hash (one-way) function,
then both the salt and the one-way hash are stored in the database. if you
are using a system generated guid, then every stored value is now 128 bits
longer. but the dictionary attack just got a lot harder - now i have to
compute the dictionary once for every password/salt combination. now,
instead of minutes to recover the passwords, the time jumps up to a couple
of weeks - see feldmeier and karn, unix security-10 years later, applied
cryptography [pg 52-53] by bruce schneier, and the following link:
http://groups.google.com/groups?selm=690j3h%241l5%40bgtnsc02.worldnet.att.net&output=gplain

roy

"Bonj" <benjtaylor at hotpop d0t com> wrote in message
news:ecSyzNf0EHA.3596@TK2MSFTNGP12.phx.gbl...
> Interesting... thanks.
>
> Can you explain to me or point me to any resource which explains what
> "salting" is?
>
>
> "Roy Fine" <rlfine@twt.obfuscate.net> wrote in message
> news:OCG2nHc0EHA.4004@tk2msftngp13.phx.gbl...
> >
> > "Igor Tandetnik" <itandetnik@mvps.org> wrote in message
> > news:%23uHOnVb0EHA.3452@TK2MSFTNGP14.phx.gbl...
> >> "Roy Fine" <rlfine@twt.obfuscate.net> wrote in message
> >> news:eQtfZQb0EHA.2192@TK2MSFTNGP14.phx.gbl
> >> > You have essentially implemented a stream cipher - and they are much
> >> > easier to beat than are block ciphers.
> >>
> >> Not if they are implemented correctly - that is, with a key stream that
> >> is an output of a cryptographically strong random number generator. What
> >> Bonj has is a stream cipher with a repeated key, aka Vigenere cipher.
> >> Those are known to be weak and easily broken.
> >> --
> >
> > stream ciphers are easier to beat than are block ciphers - byte 0 of stream
> > cipher can be decoded with NO other information from any other bytes in the
> > stream, byte 1 plaintext can be discovered using only byte 1 decoded and
> > byte 0 plaintext - consider block ciphers that have to be broken one block
> > at a time - typically 16 bytes at a time.
> >
> > In the absence of a salt value, these stream ciphers, even based on
> > "cryptographically strong random number generator" are trivial against a
> > dictionary attack.
> >
> > You pointed out earlier, the XOR was a simple linear function - and that is
> > about as good as you will ever get on a stream cipher. You don't see
> > non-linear functions introduced (S-Box) until you get to block ciphers.
> >
> > roy
> >
> >
> >> With best wishes,
> >> Igor Tandetnik
> >>
> >> With sufficient thrust, pigs fly just fine. However, this is not
> >> necessarily a good idea. It is hard to be sure where they are going to
> >> land, and it could be dangerous sitting under them as they fly
> >> overhead. -- RFC 1925
> >>
> >>
> >
> >
>
>
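The salting scheme described in the message above, as an added example that is not part of the original thread: it stores a constructed user table both ways and counts the hash computations a weak-password audit needs in each case. SHA-256, the 16-byte random salt, the word list, the user names and all function names are assumptions made for illustration; the post names no specific hash function.

```python
import hashlib
import hmac
import os

def digest(data):
    # A fast hash keeps the demo short; a deployed store would use a slow
    # KDF such as hashlib.pbkdf2_hmac or hashlib.scrypt with the same salt idea.
    return hashlib.sha256(data).hexdigest()

def store_unsalted(password):
    return digest(password.encode())

def store_salted(password):
    salt = os.urandom(16)  # 128 random bits, the size of the GUID in the post
    return salt.hex(), digest(salt + password.encode())

def verify_salted(candidate, salt_hex, stored):
    computed = digest(bytes.fromhex(salt_hex) + candidate.encode())
    return hmac.compare_digest(computed, stored)

def precompute(wordlist):
    """Hash the dictionary once: digest -> plaintext."""
    return {digest(w.encode()): w for w in wordlist}

def audit_unsalted(wordlist, table):
    """Return (weak users, hashes computed); cost does not grow with the table."""
    lookup = precompute(wordlist)
    weak = {user: lookup[d] for user, d in table.items() if d in lookup}
    return weak, len(wordlist)

def audit_salted(wordlist, table):
    """Every row has its own salt, so the dictionary is rehashed per row."""
    weak, hashes = {}, 0
    for user, (salt_hex, stored) in table.items():
        for word in wordlist:
            hashes += 1
            if verify_salted(word, salt_hex, stored):
                weak[user] = word
    return weak, hashes

# Constructed sample data, not taken from the thread.
WORDLIST = ["123456", "password", "letmein", "qwerty"]
USERS = {"alice": "letmein", "bob": "letmein", "carol": "T9#vq!x2Lr"}

if __name__ == "__main__":
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    print("unsalted:", audit_unsalted(WORDLIST, unsalted))
    print("salted:  ", audit_salted(WORDLIST, salted))
```

Without a salt, alice and bob share one stored digest and a single precomputed table covers the whole file; with per-row salts the same table matches nothing and the work scales with word list size times row count.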


