Hi gang,

As an outsider, sort of, looking in, I had an interesting thought about this. Since insider threats are the biggest problem, what vector could an insider use against password hashes to gain root password access?

The problem with Rainbow tables is that they would be too massive when the salt was 4096 to be practical unless you had the power of NSA or an equivalent supporting your efforts.

However, what about attacking the salt? How good is the PRNG for the salt? Is it at all predictable?

Here is one approach that might work. Keep entering the same password(s) and collecting the resultant hashes until you get several duplicates. Then analyze the results to see if there is a pattern to the repetition that would allow for a birthday attack against the salt that would allow an attack against the root password hash or other administrative rights password hashes that could be collected.

I suspect this would be somewhat difficult to code but once done almost the entire attack could be done off-line on a machine that uses the same password hash creation mechanism so you wouldn't trigger an IDS or similar audit process on the network under attack.

Given the long history of industrial espionage in the corporate world, I'm sure that there are probably small teams working to collect information that have somewhat more resources than an individual or outsider group might have, making the effort required feasible.

Thoughts?

Best,

Allen

Leichter, Jerry wrote:
| ...One sometimes sees claims that increasing the salt size is important.
| That's very far from clear to me.  A collision in the salt between
| two entries in the password file lets you try each guess against two
| users' entries.  Since calculating the guess is the hard part,
| that's a savings for the attacker.  With 4K possible salts, you'd need a

[snipped]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
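
The effect of salt size discussed in this thread (entries that share a salt can be tested with one hash computation per guess) can be quantified. The following is an added example, not part of the original messages; it assumes salts are drawn uniformly at random, and the function names and the user counts in the sample run are illustrative.

```python
import math
import random

def p_any_collision(users: int, salt_bits: int) -> float:
    """Probability that at least two of `users` entries share a salt."""
    space = 2 ** salt_bits
    if users > space:
        return 1.0
    # Exact birthday product, summed in log space for numerical stability.
    log_p_unique = sum(math.log1p(-i / space) for i in range(users))
    return 1.0 - math.exp(log_p_unique)

def expected_distinct_salts(users: int, salt_bits: int) -> float:
    """Expected number of different salts among `users` entries.

    space * (1 - (1 - 1/space)**users), computed with log1p/expm1 so that
    large salt spaces (e.g. 64 bits) do not round to zero.
    """
    space = 2 ** salt_bits
    return space * -math.expm1(users * math.log1p(-1.0 / space))

def attacker_saving(users: int, salt_bits: int) -> float:
    """Fraction of per-guess hash computations avoided because of shared salts.

    Without sharing, one guess costs `users` hashes (one per entry);
    with sharing it costs one hash per distinct salt.
    """
    return 1.0 - expected_distinct_salts(users, salt_bits) / users

def simulate_distinct(users: int, salt_bits: int, trials: int = 200, seed: int = 1) -> float:
    """Monte Carlo check of expected_distinct_salts (seeded, runs offline)."""
    rng = random.Random(seed)
    space = 2 ** salt_bits
    total = sum(len({rng.randrange(space) for _ in range(users)}) for _ in range(trials))
    return total / trials

if __name__ == "__main__":
    # Constructed password-file sizes, compared across salt widths.
    for bits in (12, 32, 64):
        for users in (100, 1000, 100000):
            print(f"{bits:2d}-bit salt, {users:6d} users: "
                  f"P(collision)={p_any_collision(users, bits):.4f}  "
                  f"saving={attacker_saving(users, bits):.2%}")
```

With the 12-bit (4096-value) salt, a file of 1000 entries gives the attacker roughly an 11% reduction in hashing work per guess; with a 64-bit salt the reduction is effectively zero.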
