On Sun, Aug 19, 2007 at 10:51:51AM -0700, Russ Allbery wrote:
> Stanislav Maslovski <[EMAIL PROTECTED]> writes:
>
> > What do you say, can MD5-based OPIE system be still considered secure?
> > In the repository there are opie-server and opie-client.
>
> > Do I understand right that the strength of this system is the strength of
> > one step of MD5? Are there any alternatives where a different hashing
> > function can be chosen (if that is advisable)?
>
> The weakness in MD5 is not yet of the type that is likely to compromise
> OPIE systems, IMO. The attacker still has to have quite a lot of control
> over what's being compared. Of course, changing to a better hash
> algorithm is still a good idea.

Another thing that bothers me is that OPIE's hash is 64 bits. If the infamous birthday attack applies here then only about 2^32 tries are needed to find a 64 bit sequence with a hash that will collide with the last OPIE password (which is assumed to be seen by an intruder).

--
Stanislav
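
Added example (not part of the original message, nor code from the opie-server or opie-client packages): a sketch of the verification step the thread is discussing, showing that the server accepts a response only when one MD5 step, folded to 64 bits, maps it onto the stored last password. It assumes the RFC 2289 construction (seed lowercased and prepended to the passphrase, MD5 output folded by XORing its two halves); OtpServer, fold_md5, otp and the sample seed and passphrase are illustrative names and constructed values.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """One OTP hash step: MD5, folded from 128 to 64 bits by XORing the halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: bytes, seed: bytes, count: int) -> bytes:
    """Client side: initial step over seed + passphrase, then `count` more steps."""
    value = fold_md5(seed.lower() + passphrase)
    for _ in range(count):
        value = fold_md5(value)
    return value

class OtpServer:
    """Stores only the last accepted 64-bit OTP and its sequence number."""

    def __init__(self, seed: bytes, count: int, last_otp: bytes):
        self.seed, self.count, self.last_otp = seed, count, last_otp

    def challenge(self):
        # The client must answer with the OTP one step earlier in the chain.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        # Accept only if ONE hash step over the response gives the stored value.
        if self.count <= 0 or len(response) != 8:
            return False
        if not hmac.compare_digest(fold_md5(response), self.last_otp):
            return False
        # The accepted response becomes the new comparison target.
        self.last_otp, self.count = response, self.count - 1
        return True

def demo():
    passphrase, seed = b"constructed passphrase", b"ab1234"  # constructed values
    server = OtpServer(seed, 100, otp(passphrase, seed, 100))
    n, s = server.challenge()
    first = server.verify(otp(passphrase, s, n))    # fresh OTP number 99
    replay = server.verify(otp(passphrase, s, n))   # the same OTP sent again
    wrong = server.verify(otp(b"other passphrase", s, n - 1))
    return first, replay, wrong, server.count

if __name__ == "__main__":
    print(demo())
```

The server never sees the passphrase; what it compares against is a single fixed 64-bit value, the last password it accepted.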