-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Moin,
On Tuesday 23 January 2007 05:10, Gregory Maxwell wrote:
On 1/22/07, Ivan Krstić
<krstic(a)solarsail.hcs.harvard.edu> wrote:
[snip]
Generally, the only password hashing scenario in
which the choice of
algorithm makes a difference at all is an offline attack once the
password table has been compromised, at which point, the difference
between one algorithm and the next is nothing more but how long you can
hold off a brute-forcing attacker. And for that, without preimage
attacks, the known MD5 and SHA-1 flaws make about zero difference for
any practical purpose.
Ivan is right on in his statements here.
[snip]
I agree that changing the hashing algorithm is unnec. here.
But:
(/me waits for someone to notice my above H(s
+'-'+H(P)) above and cry
about the minor precomputation a smart attacker can do to reduce the
workload from 2*users*passwords MD5s to passwords + passwords*users
MD5s)
Actually, if you want to strengthen the password-hash table against some
offline brute-force/dictionary attacks, you should hash them with a
function that takes a long time per test, but still not enough time to slow
down the log-in servers.
Something like
hash = H(password);
for (0..100) { hash = H(hash); }
What function you actually use for H(), may it be MD5 or SHA1, is
practically irrelevant here, tho, but when you migrate to such a scheme,
you might as well use SHA256 instead of MD5 (even if it is just to quiten
all the "MD5 is insecure" cryers :)
Best wishes,
Tels
- --
Signed on Tue Jan 23 18:45:25 2007 with key 0x93B84C15.
View my photo gallery:
http://bloodgate.com/photos
PGP key on
http://bloodgate.com/tels.asc or per email.
"Don't worry about people stealing your ideas. If your ideas are any
good, you'll have to ram them down people's throats." -- Howard Aiken
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRbZLXXcLPEOTuEwVAQIsVgf/TT7IievMKYiO46duA3FvZCrJjh5incDb
BxRZ8YX7CXqXfoVuYKY2lQfztSg0yb1Z1Eyr9Z/ELrKZqEmcQIUOVCNOWcjSKesT
c0Rg3p/FTx1Q/Yds7LMO/YZpLy3Fz0Ow5HgDyH+0BGNuaz90nwClpJ3J8kosbL6q
sHGm2in15JmRtRiNwQPJ77NpNQWkFAbB8E7WUh/PATSfGficA4lClKSyYxZlAugq
V1wo91/3FbSdfcOvOCpDXZRVUOATIlQU0Uig9+dWpeiFa6CP6sPk3pS3bP3feCvU
b2I2vYDuvnb59Wxa+PNEQRrCjOk5X9Bqab3qqTMqwdZce24k3WWh2w==
=rn3c
-----END PGP SIGNATURE-----