Kurt Zeilenga <[email protected]> writes: > On Dec 17, 2009, at 9:55 AM, Simon Josefsson wrote: > >> Low iteration counts removes one nice features of SCRAM (mitigating >> dictionary attacks on stolen hash databases). > > It's only a nice feature if you can take advantage of it. If you need > to support multiple password mechanisms, each either their own hashed > password, you'd end up storing each. And then the attacker need only > attack the weakest. And with need to service providers to support > DIGEST-MD5 and CRAM-MD5, to the most popular password-based > mechanisms, the weakest is not much stronger than cleartext.
I agree, if you assume that servers are the weakest link in the chain. This is a typical goal for service providers to optimize for, since they want to do what they can to make the server a hard link in the chain. Unfortunately, this server-side security optimization cause other chains in the link to be weakened: It is not only servers that can take advantage of hashed passwords, though, the clients can make use if it too. If servers sets a norm of using a low iteration count, clients will be an even weaker link in the chain. The weakest link could also be the network -- if low iteration counts is the norm, dictionary attacks on the traffic may be feasible. /Simon _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
