Re: How good an encryption algorithm is this?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Roy Fine (rlfine_at_twt.obfuscate.net)
Date: 11/26/04 

Date: Fri, 26 Nov 2004 13:21:10 -0500

Hendrik

assume that you have a password file that contains all of the hash values
for all of the passwords of users in the system.

asssume that i know your hash algorithm - so i just hash a 5 or 6 million
common passwords, and store the password and hashed value in a database
structure - that becomes my dictionary of hashed passwords. the generation
of the dictionary took quite a while to generate (maybe a couple of months),
but now that i have it, and access is quick.

now assume that i get access to your file that contains the hashed
passwords. I see the hashed value "xyz" in the file, where xyz is on the
order of some random 128 bit value. i look up xyz in my table of hashed
passwords and see if there is any password that hashed to xyz - if so, i
know the value that hashed to xyz, and therefore i know the password.

now consider the case where you concatentate a salt value to every password
before hashing it, and you then store two values in the password file - the
salt and the hashed value. you need to store the salt (it is unique for
each entry in the password file) in order to verify a password. i get
access to your new file, and now i have to rebuild my dictionary once for
every password/salt combination that i find. that is certainly doable - but
instead of cracking 50% of your unsalted password file in a matter of
minutes, it now takes a couple of months for each password/salt combination.
if your users change their passwrds every 4 weeks, then i am out of luck
until i get a *much* faster computer.

bottom line - salt only addresses one kind of attack -the dictionary attack,
and then, the salt only makes it more difficult

regards
roy fine

"Hendrik Schober" <SpamTrap@gmx.de> wrote in message
news:co7v7o$43n$1@news1.transmedia.de...
> Jon Skeet [C# MVP] <skeet@pobox.com> wrote:
> > [...]
> > > > The salt is generated randomly when the encrypted password is
stored,
> > > > and stored *with* that password.
> > >
> > > I am not getting it. If the salt becomes
> > > part of the data to get hashed, and is
> > > stored with the hashed data, isn't it
> > > then that I simply know part of the data
> > > to get hashed?
> > > I know must be wrong here somewhere, I'm
> > > just not seeing where.
> >
> > Yes, you know part of the data to get hashed. However, it means that if
> > you want to precompute *all* the possible hashes, it takes much longer.
> > Basically it's a measure against dictionary attacks.
>
>
> Mhmm. I don't get it.
> Let's assume we have some data D that gets
> hashed. Then we have some salt value S,
> which gets stored along with the hashed
> data H.
> Without the salting, we would try to find
> D's that, when hashed, become H.
> With salting, we try to find D's that, wenn
> added S and then hashed, become H.
> The difference is that the second method
> requires us to add S before hashing D. But
> this is only one operation, so it doesn't
> multiply the number of tries we need?
> What am I missing?
>
> Schobi
>
> --
> SpamTrap@gmx.de is never read
> I'm Schobi at suespammers dot org
>
> "The presence of those seeking the truth is infinitely
> to be prefered to those thinking they've found it."
> Terry Pratchett
>
>

Relevant Pages

  • Re: How good an encryption algorithm is this?
    ... I see the hashed value "xyz" in the file, ... and you then store two values in the password file - the ... salt and the hashed value. ... bottom line - salt only addresses one kind of attack -the dictionary attack, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Hashed password secure?
    ... Consider the way that a typical password hash attack program works. ... the salt, and then it hashes the dictionary once for each unique salt value ... again, 2^8 different salt values in the password file, but the attacker ... But what about the legitimate verifier? ...
    (sci.crypt)
  • Re: Values to use for a salt?
    ... Ask yourself how you would go about attacking the password file of a ... The salt should be as unrelated as possible to the thing being hashed, ... Dave Aronson, Senior Software Engineer, Secure Software Inc. ...
    (SecProg)
  • Re: virtue of salted passwords
    ... >search is to append the salt to every word. ... the login authentication takes the characters ... If the hash just created matches - you're in. ... The reason for the salt was that originally, the password file was ...
    (alt.computer.security)
  • Re: WindowXP password wotsit , Re: What laws did PC repair co. break by hacking my laptop?
    ... dictionary attack. ... A first step might be to ask the owner if he had used the password for ... Or, if he wasn't cooperating, go and see if he had.. ... example, save a copy of the password file, reset the ...
    (uk.legal)