How about blowfish? Since that is available for password encryption in
Solaris 9 and above.
 
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Octave J. Orgeron
Solaris Systems Engineer
http://www.opensolaris.org/os/community/sysadmin/
http://unixconsole.blogspot.com
[EMAIL PROTECTED]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

----- Original Message ----
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: UNIX admin <[EMAIL PROTECTED]>
Cc: opensolaris-discuss@opensolaris.org
Sent: Friday, January 11, 2008 3:16:38 AM
Subject: Re: [osol-discuss] NSA has backdoors into Windows?



>
>What you're basically saying is, if you can't fathom how somebody could use
>the information from that document to brute force an MD5 hash, it doesn't
>have anything to do with it.

No, that's not at all what I am saying, and you don't seem to understand a
few of the basic concepts here.

E.g., "brute force" has nothing to do with the paper; any hashing
algorithm can be brute forced in theory, if you disregard certain facts
about the size and the age of the known universe.

The paper, however, is not about "brute force"; it's about a break of MD5
when applied to hash documents; MUCH quicker than brute force.

Now when it comes to password hashing, things are very different.

As with DES which has several weaknesses which make the key strength
somewhat less than the 56 bits, there still is no better algorithm than
brute force for cracking DES passwords.  (But there are only 2^56
different passwords so brute forcing them is feasible.)  The reason for
this is that the crypt() routine calls DES 25 times and uses the password
as the *key*.  It always encrypts the same plain text (all 0s) and
as such it does not allow the standard attacks against DES to be performed
on the encrypted passwords.

So what we have is: theoretical break in DES -> password hashing with DES
NOT weaker.

The same applies to the md5 password hashes: the md5 algorithm is run many
times and in order to reverse the password you will need to find a matching
cleartext with certain properties (it starts with the same standard text
and then adds in the md5 hash from the step before) for a certain md5 hash
and that 1000 or more times (each for every step of the algorithm).

The theoretical break does not allow for finding even one such hash;
it allows only to construct two documents with the same hash and that
is quite a bit different.

>You do know that busting MD5 hashes is as easy as cutting & pasting
>them into Google?

Do you have any idea how big a number 2^128 (the number of possible md5
hashes) is?   Do you REALLY think they can all be found with google?

What would you do when you find a hash which matches the password file?
You can't use it as password because the md5 hash stored is NOT the
hash of the password but rather the result of a rather lengthier process
of mixing bits.

Brute force is the only option for md5 hashes; standard methods like crack
will work for this if you plug in a new crypt algorithm.

However, the key space is no longer 2^56, a number which can easily be
brute forced (a million computers doing a million cracks per second each
would be finished within a day), but the rather longer 2^128 (a billion
computers doing a billion cracks per second each would require 10^13 years
to complete the task).

Casper

_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
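
Added example, not part of the original e-mails and not Solaris code: the `$1$` MD5-based crypt scheme written out in Python, showing that the stored string is not MD5(password) and that checking a candidate means re-running all 1000 rounds with the entry's salt. It assumes the thread's "md5 password hashes" are the FreeBSD-derived md5-crypt; the password, salt and function names are constructed for illustration.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 1000  # fixed iteration count of the $1$ scheme

def md5_crypt(password: str, salt: str) -> str:
    """Return the $1$ (md5-crypt) string for a password and a salt of up to 8 chars."""
    pw, sl = password.encode(), salt.encode()[:8]
    # Start: password + standard text "$1$" + salt + bytes of MD5(pw + salt + pw).
    alt = hashlib.md5(pw + sl + pw).digest()
    data = pw + b"$1$" + sl + (alt * (len(pw) // 16 + 1))[:len(pw)]
    n = len(pw)
    while n:  # one extra byte per bit of the password length
        data += b"\0" if n & 1 else pw[:1]
        n >>= 1
    digest = hashlib.md5(data).digest()
    # Each round hashes the previous round's digest together with password and salt.
    for i in range(ROUNDS):
        block = pw if i & 1 else digest
        if i % 3:
            block += sl
        if i % 7:
            block += pw
        block += digest if i & 1 else pw
        digest = hashlib.md5(block).digest()
    # Encode the 16 digest bytes in a fixed permuted order, 6 bits per character.
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = digest[a] << 16 | digest[b] << 8 | digest[c]
        for _ in range(4):
            out += ITOA64[v & 0x3F]
            v >>= 6
    out += ITOA64[digest[11] & 0x3F] + ITOA64[digest[11] >> 6]
    return "$1$" + sl.decode() + "$" + out

def verify(stored: str, candidate: str) -> bool:
    """Check a candidate the only way possible: recompute with the entry's salt."""
    _, scheme, salt, _ = stored.split("$")
    return scheme == "1" and md5_crypt(candidate, salt) == stored

def raw_md5_hex(password: str) -> str:
    """Plain unsalted MD5, the kind of value a search-engine lookup can match."""
    return hashlib.md5(password.encode()).hexdigest()

# Constructed sample entry (not from the thread).
STORED = md5_crypt("correct horse", "Xy3kQ9ab")

if __name__ == "__main__":
    print(STORED, raw_md5_hex("correct horse"))
    print(verify(STORED, "correct horse"), verify(STORED, "guess123"))
```

The output of `md5_crypt` can be compared against `openssl passwd -1 -salt <salt> <password>` on a system whose OpenSSL still supports that option.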





      