--On Monday, April 05, 2010 02:35:01 PM -0500 Nicolas Williams <[email protected]> wrote:

The crypt approach to password validation is always subject to off-line
dictionary attacks by anyone that can see crypted passwords.  The whole
point of using MD5 or some other hash function for crypt is to make each
crypt call slower while allowing no better attacks than to crypt a guess
and compare the result to a crypt value that you have.

Actually, a large part of the point is that traditional crypt(3) cannot hash a value longer than 56 bits, since it is based on using the password as a DES key. It also allows the use of a larger salt, which is essential since modern storage capacities are large enough for a 12-bit salt to be pretty meaningless. I'm not convinced that replacing DES with MD5 slows the operation down enough to matter, or even that it necessarily does so at all.

By protecting crypted
passwords from being read by attackers you prevent the attack in the
first place.

True.  Keep your secrets secret.
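Added illustration of the two limits raised in the reply above (not code from either poster): it models only how traditional DES-based crypt(3) takes in the password and salt, not the DES rounds. The one-million-word dictionary and 8 bytes per stored hash are constructed figures, and the integer packing of the salt is chosen only for counting.

```python
# Added illustration: input handling of traditional DES crypt(3) only.
SALT_ALPHABET = (
    "./0123456789"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
)  # 64 characters, so each salt character carries 6 bits


def des_crypt_key_bits(password: bytes) -> int:
    """56-bit key: low 7 bits of each of the first 8 bytes, zero-padded."""
    padded = password[:8].ljust(8, b"\0")
    key = 0
    for byte in padded:
        key = (key << 7) | (byte & 0x7F)
    return key


def salt_value(salt: str) -> int:
    """Pack the two salt characters into a 12-bit number (packing order is
    an assumption of this example; only the count of values matters here)."""
    if len(salt) != 2 or any(c not in SALT_ALPHABET for c in salt):
        raise ValueError("traditional salt is two chars from [./0-9A-Za-z]")
    return SALT_ALPHABET.index(salt[0]) | (SALT_ALPHABET.index(salt[1]) << 6)


def precomputed_table_bytes(words: int, salt_bits: int, entry_bytes: int = 8) -> int:
    """Storage needed to keep one hash for every (word, salt) pair."""
    return words * (1 << salt_bits) * entry_bytes


if __name__ == "__main__":
    # Anything past the 8th byte never reaches the key.
    same = des_crypt_key_bits(b"password") == des_crypt_key_bits(b"password123")
    print("password / password123 share a key:", same)

    # Constructed dictionary size: one million candidate passwords.
    words = 1_000_000
    for bits in (12, 48):  # 12 = traditional crypt; 48 = eight salt chars
        size = precomputed_table_bytes(words, bits)
        print(f"{bits}-bit salt: {size / 1e9:,.1f} GB for a full table")
```

With these figures a full table for a 12-bit salt comes to about 32.8 GB, while a 48-bit salt (eight characters from the same alphabet) pushes the same table past two zettabytes.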