[Dshield] Crypto Question

Stephane Grobety security at admin.fulgan.com
Wed Mar 4 07:45:03 GMT 2009


Hello folks.

FK> But for passwords, MD5 is still usable. First off, you don't know the
FK> plain text (that's what you want),

No, that's not what you want. What you want is an input to the
password prompt that will generate the same password hash and that's
called a collision.

FK> so you have to start a brute-force
FK> attack.

No, you don't. This attack is an off-line attack against the password
hash file, not an on-line attack against the prompt.

One additional question could be whether salting the password will make
that collision-finding attack impossible or even more difficult, but
we're talking implementation-specific protection here.

FK> I believe for
FK> password hashing, MD5 is still acceptable.

I believe you're wrong for the reason listed above. Or at least, the
level of security MD5-hashed passwords provide against an off-line
attack is severely lowered.

But I think the main point isn't really against the technical
difficulty of breaking the password here at all. The way I see it,
XORing the password with the recipe of your favorite dish is, in
practice, good enough security since the weakest link isn't the
password files but the users.

The real point here is standard compliance. These standards are often
absurd, outdated or simply extravagant from a security point of view
but the reason you're following them is not security: it's so that
auditors will be able to hand you a paper that says that you're
following the "industry best practices" or whatever level of
certification you need to shine with (or simply be allowed to deal
with) your customers, banks, governments and other bureaucracy. And
ultimately, these are in place to cover the butts of one of these
institutions against their regulators or insurance in case of trouble.

Regards,
Stephane


