Re: How good an encryption algorithm is this?
From: Igor Tandetnik (itandetnik_at_mvps.org)
Date: 11/24/04
- In reply to: RoyFine: "Re: How good an encryption algorithm is this?"
Date: Wed, 24 Nov 2004 11:06:50 -0500
"RoyFine" <rlfine@obfuscate.net> wrote in message
news:e0jddxj0EHA.3596@TK2MSFTNGP12.phx.gbl
> consider a database table that has encrypted passwords (not simple xor
> mapping encryption, but a one-way hash of the password). if i look
> at the encrypted password values, it seems like just so much muddle
> to me. but in my spare time, i hash 5 million or so common passwords
> (in prior spare time, i wrote a program to generate these) and i save
> the hashed value with the plaintext. then i look in your password
> table, and i just might find a few values there that are the same as
> the ones that i computed - if we used the same algorithm to hash,
> then i have just discovered a few passwords. this is a dictionary
> attack (using my dictionary of plaintext trial passwords and the
> corresponding hash)! the literature suggests that with today's
> computer power, these sorts of attacks are trivial and you can break
> an entire password file of a hundred or so in just minutes.
>
> Enter *Salt* - salt is a random string that is concatenated with the
> plaintext password before you run it through the hash (one-way)
> function, then both the salt and the one-way hash are stored in the
> database. if you are using a system generated guid, then every
> stored value is now 128 bits longer. but the dictionary attack just
> got a lot harder - now i have to compute the dictionary once for
> every password/salt combination. now, instead of minutes to recover
> the passwords, the time jumps up to a couple of weeks - see feldmeier
> and karn, unix security-10 years later, applied cryptography [pg
> 52-53] by bruce schneier, and the following link:
> http://groups.google.com/groups?selm=690j3h%241l5%40bgtnsc02.worldnet.att.net&output=gplain
To make dictionary attack even more difficult, you can use stretching
(aka iteration) - instead of just calculating the hash once, you iterate
it 2^N times for some N. Iterate means you calculate the hash of the
password+salt, then the hash of that hash, then the hash of last hash
and so on. The point of the exercise is as follows: when you verify the
password, you need to perform this iteration only once. Suppose it takes
you a second to do that - not too terrible for the user to wait.
However, the attacker preparing the dictionary must do the iteration for
each password/salt combination, and those seconds start to add up. If
the unsalted password could be attacked in minutes, salted one in weeks,
then for salted and stretched it might take years or decades.
--
With best wishes,
Igor Tandetnik
With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925
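
Added example (not part of the original post or thread): the salt-then-iterate storage scheme described in the message above, sketched in Python, showing that a table precomputed without salts matches unsalted hashes but not salted, stretched ones. SHA-256, the 16-byte salt, the record layout, the word list and all function names are assumptions made for illustration; the post names no hash function.

```python
import hashlib
import hmac
import os

def stretch(password: str, salt: bytes, n: int) -> bytes:
    """Hash password+salt, then re-hash the result: 2**n hashes in total."""
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    for _ in range(2 ** n - 1):
        digest = hashlib.sha256(digest).digest()
    return digest

def make_record(password: str, n: int = 12) -> dict:
    """What gets stored: a fresh random salt, the work factor, the stretched hash."""
    salt = os.urandom(16)  # 128 bits, the size mentioned in the quoted post
    return {"salt": salt, "n": n, "hash": stretch(password, salt, n)}

def verify(password: str, record: dict) -> bool:
    """One stretch per login attempt, compared in constant time."""
    candidate = stretch(password, record["salt"], record["n"])
    return hmac.compare_digest(candidate, record["hash"])

def precomputed_hits(table: dict, stored_hashes: list) -> list:
    """Passwords recovered by looking stored hashes up in a precomputed table."""
    return [table[h] for h in stored_hashes if h in table]

# Constructed sample data: a tiny word list, hashed once with no salt.
WORDLIST = ["letmein", "password", "qwerty"]
UNSALTED_TABLE = {hashlib.sha256(w.encode()).digest(): w for w in WORDLIST}

def demo() -> dict:
    # Two users who chose the same password, stored both ways.
    plain = [hashlib.sha256(b"qwerty").digest()] * 2
    salted = [make_record("qwerty"), make_record("qwerty")]
    return {
        "unsalted_hits": precomputed_hits(UNSALTED_TABLE, plain),
        "salted_hits": precomputed_hits(UNSALTED_TABLE, [r["hash"] for r in salted]),
        "same_password_same_hash": salted[0]["hash"] == salted[1]["hash"],
        "hashes_per_guess": 2 ** salted[0]["n"],
    }

if __name__ == "__main__":
    print(demo())
```

For production use, a vetted key-derivation function such as PBKDF2 (hashlib.pbkdf2_hmac in Python) applies the same salt-and-iterate idea.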