On Mon, Aug 20, 2007 at 09:57:38AM +0400, Stanislav Maslovski wrote:
On Sun, Aug 19, 2007 at 10:51:51AM -0700, Russ Allbery wrote:
Stanislav Maslovski [EMAIL PROTECTED] writes:
What do you say, can MD5-based OPIE system be still considered secure?
In the repository there are opie-server and opie-client.
Do I understand right that the strength of this system is the strength of
one step of MD5? Are there any alternatives where a different hashing
function can be chosen (if that is advisable)?
The weakness in MD5 is not yet of the type that is likely to compromise
OPIE systems, IMO. The attacker still has to have quite a lot of control
over what's being compared. Of course, changing to a better hash
algorithm is still a good idea.
Another thing that bothers me is that OPIE's hash is 64 bits. If the
infamous birthday attack applies here then only about 2^32 tries are needed
No, I am probably wrong. It does not apply when one sequence (the last
password) from a pair of sequences is fixed, right? So, it is full 2^64 space.
--
Stanislav
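
The birthday question raised in this thread, as an added example that is not part of the original messages or of the opie-server/opie-client code: a one-time-password check compares one hash step of the submitted value against a single stored value, so the relevant search is for a preimage of a fixed target, not for any colliding pair. The function names, the constructed secret, and the 16-bit truncation (used only so both searches finish quickly) are assumptions; the 64-bit fold of MD5 follows RFC 2289.

```python
import hashlib
import hmac
from itertools import count

def otp_step(data: bytes, bits: int = 64) -> bytes:
    """MD5 folded to 64 bits by XORing its two halves (the RFC 2289 fold).
    bits < 64 keeps only the top bits: a toy size so the searches finish."""
    d = hashlib.md5(data).digest()
    folded = int.from_bytes(d[:8], "big") ^ int.from_bytes(d[8:], "big")
    return (folded >> (64 - bits)).to_bytes(8, "big")

def chain(secret: bytes, n: int, bits: int = 64) -> bytes:
    """Apply the step n times to the initial hash of the secret."""
    value = otp_step(secret, bits)
    for _ in range(n):
        value = otp_step(value, bits)
    return value

def verify(submitted: bytes, stored: bytes, bits: int = 64) -> bool:
    """Server check: one step over the submitted password must give the stored one."""
    return hmac.compare_digest(otp_step(submitted, bits), stored)

def find_collision(bits: int):
    """Birthday search: any two inputs with equal output, target not fixed."""
    seen = {}
    for tries in count(1):
        msg = tries.to_bytes(8, "big")
        out = otp_step(msg, bits)
        if out in seen:
            return tries, seen[out], msg
        seen[out] = msg

def find_preimage(target: bytes, bits: int):
    """What passing verify() takes: an input that hits one fixed stored value."""
    for tries in count(1):
        msg = tries.to_bytes(8, "big")
        if otp_step(msg, bits) == target:
            return tries, msg

if __name__ == "__main__":
    BITS = 16  # constructed toy size; real OPIE uses all 64 bits
    stored = chain(b"constructed-seed+passphrase", 100, BITS)
    print("collision tries:", find_collision(BITS)[0], "(expected order 2^8)")
    print("preimage tries: ", find_preimage(stored, BITS)[0], "(expected order 2^16)")
```

A colliding pair found by `find_collision` does not help against `verify` unless one of its two outputs happens to equal the stored value, which is the preimage problem again.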