Re: Tool to crypt a password

2017-02-06 Thread Teemu Likonen
Nicolas George [2017-02-06 19:41:45+01] wrote:

> On Octidi 18 Pluviôse, year CCXXV, Teemu Likonen wrote:
>> I'm not an expert in this area but from what I have read I'm quite sure
>> that 3DES is still very much safe. There are no known practical attack
>> methods and it's still used for serious encryption.
>
> I think you are mistaken.
>
> As a block cipher, even if there are no attacks against 3DES itself, it
> is considered unsafe like all block ciphers with 64-bit blocks due to
> birthday attacks. But that is not what we are talking about here.
>
> The 3DES-derived crypt() implementation is bad for today's passwords
> for (at least) two reasons.

Thanks for the info. Indeed I wasn't paying enough attention to this
particular case.




Re: Tool to crypt a password

2017-02-06 Thread tomas

On Mon, Feb 06, 2017 at 05:43:32PM +0100, Nicolas George wrote:
> On Octidi 18 Pluviôse, year CCXXV, Greg Wooledge wrote:
> > I wrote this many years ago.  It's primitive, but may suit:
> > 
> > http://wooledge.org/~greg/crypt/
> 
> Indeed. Unfortunately, it suffers from a limitation similar to the one
> of htpasswd: it only supports 3DES, the oldest and weakest hashing
> algorithm.

My version of htpasswd (apache2-utils 2.4.10-10+deb8u7) supports
MD5 (-m), bcrypt (-B, with settable computing cost, -C), crypt (-d),
SHA (-s), and plaintext (-p, duh :-D

Default is MD5.

AFAIR it prefixes the passwords with the method, so they can be mixed
and matched in one file.

So perhaps it is what you are looking for.

regards
-- t



Re: Tool to crypt a password

2017-02-06 Thread Nicolas George
On Octidi 18 Pluviôse, year CCXXV, Teemu Likonen wrote:
> I'm not an expert in this area but from what I have read I'm quite sure
> that 3DES is still very much safe. There are no known practical attack
> methods and it's still used for serious encryption.

I think you are mistaken.

As a block cipher, even if there are no attacks against 3DES itself, it
is considered unsafe like all block ciphers with 64-bit blocks due to
birthday attacks. But that is not what we are talking about here.

The 3DES-derived crypt() implementation is bad for today's passwords
for (at least) two reasons.

The first one is quite obvious: it only takes into account the first
eight characters of the password. Try this:

perl -e 'for (1, 2) { print crypt("abcdefgh$_", "XY"), "\n" }'

You will get the same output for abcdefgh1 and abcdefgh2.

The second reason is that it is way too fast: it makes off-line
brute-force practical for passwords that are just a little too short.

More modern crypt() implementations not only use the slower SHA-2
hashes, but they perform several thousand rounds of it. The default
nowadays seems to be SHA-512 with 5000 rounds, allowing less than 400
runs per second on a 3.5 GHz Core i7. The required time is directly
proportional to the number of rounds.

Regards,

-- 
  Nicolas George




Re: Tool to crypt a password

2017-02-06 Thread Teemu Likonen
Nicolas George [2017-02-06 17:43:32+01] wrote:

> On Octidi 18 Pluviôse, year CCXXV, Greg Wooledge wrote:
>> I wrote this many years ago.  It's primitive, but may suit:
>> 
>> http://wooledge.org/~greg/crypt/
>
> Indeed. Unfortunately, it suffers from a limitation similar to the one
> of htpasswd: it only supports 3DES, the oldest and weakest hashing
> algorithm.

I'm not an expert in this area but from what I have read I'm quite sure
that 3DES is still very much safe. There are no known practical attack
methods and it's still used for serious encryption.

Wikipedia has some information (with references) and this was discussed
recently in GnuPG users mailing list.

-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///




Re: Tool to crypt a password

2017-02-06 Thread Nicolas George
On Octidi 18 Pluviôse, year CCXXV, Greg Wooledge wrote:
> I wrote this many years ago.  It's primitive, but may suit:
> 
> http://wooledge.org/~greg/crypt/

Indeed. Unfortunately, it suffers from a limitation similar to the one
of htpasswd: it only supports 3DES, the oldest and weakest hashing
algorithm.

Well, I see it can accept an explicit salt, forcing the use of any
supported algorithm. But that requires something else to generate the
salt, which is the most annoying part to implement, because if you
already have a salt, perl -e 'print crypt("pass", "\$6\$salt\$"), "\n"'
does the trick.

I guess many people have implemented a rudimentary variant of that kind
of tool (mine is ~30 lines of perl) but nobody went the last kilometer.

> Oh  Um.  No?  Or, you could package it yourself?  I guess that's not
> what you actually meant though.  I guess you meant "something that can
> be installed on someone else's computer without freaking them out".

Exactly. In fact, I cannot understand why it is not already present in
util-linux or coreutils.

Regards,

-- 
  Nicolas George
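
The salt-generation step discussed in the message above, combined with the SHA-512 scheme and explicit round count described elsewhere in this thread, as an added example (not code from any poster in the thread). The function names, the use of /dev/urandom as the random source, and reading the password from standard input are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example (not from the thread): generate a random salt and hash a
# password with the libc crypt() SHA-512 scheme ("$6$").
use strict;
use warnings;

# The 64-character alphabet accepted in crypt() salts.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Return $len salt characters drawn from the kernel CSPRNG.
# (random_salt is a hypothetical helper name.)
sub random_salt {
    my ($len) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!\n";
    my $salt = '';
    while (length($salt) < $len) {
        my $got = read($fh, my $byte, 1);
        die "short read from /dev/urandom\n" unless defined $got && $got == 1;
        # 64 symbols: keeping the low 6 bits of a random byte is unbiased.
        $salt .= $SALT_CHARS[ord($byte) & 63];
    }
    close($fh);
    return $salt;
}

# Hash $password with SHA-512 crypt using $rounds iterations.
# (sha512_crypt is a hypothetical helper name.)
sub sha512_crypt {
    my ($password, $rounds) = @_;
    my $setting = sprintf('$6$rounds=%d$%s$', $rounds, random_salt(16));
    my $hash = crypt($password, $setting);
    # A libc without "$6$" support returns an error or silently falls back
    # to the 8-character DES scheme; accept only a real SHA-512 crypt result.
    die "crypt() does not support SHA-512 on this system\n"
        unless defined $hash && index($hash, '$6$') == 0;
    return $hash;
}

# Read the password from stdin so it never appears in argv or shell history.
chomp(my $password = <STDIN> // '');
die "empty password\n" if $password eq '';
print sha512_crypt($password, 5000), "\n";
```

Because the salt is random, two runs on the same password print different strings; crypt() re-derives the hash from the stored setting when verifying.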




Re: Tool to crypt a password

2017-02-06 Thread Greg Wooledge
On Mon, Feb 06, 2017 at 05:28:39PM +0100, Nicolas George wrote:
> Does anybody know a packaged program that provides a simple but good
> interface to the libc's crypt() function?

I wrote this many years ago.  It's primitive, but may suit:

http://wooledge.org/~greg/crypt/

> [...] a packaged program [...]

Oh  Um.  No?  Or, you could package it yourself?  I guess that's not
what you actually meant though.  I guess you meant "something that can
be installed on someone else's computer without freaking them out".