Nick Harring writes:

> Storing cleartext passwords is generally horrible security, so this and
> that don't really relate to each other.

Except to the extent that vpopmail now supports cleartext passwords
(I have a vague memory they're needed for CRAM authentication).

> I whole heartedly agree. I've been poking around with #ifdef'ing around
> the seeding of srandom, however I think your later suggestion of just
> replacing rand() with reads from /dev/urandom is the Right Way.

It's slightly more efficient not to seed rand if you're not going to use
it.
> Brute force is not the only attack.  Precomputed attacks can be very 
> effective if the salt space is small.
> 
> Precomputed attacks are brute force,

I beg to differ.  They are force, but not brute force.  Brute force
is trying random passwords until you succeed.  A precomputed attack
relies upon the fact that many people choose poor passwords, as does
crack.  Neither are brute force because they reduce the search space
in a semi-intelligent fashion.  In fact a precomputed attack is somewhat
more intelligent than crack as the computer-intensive part is stored
for re-use.

> Precomputation just reduces the time frame required to run said brute
> force attack. If you're guessing at each element, without any feedback
> or algorithm other than trying a list of sequential possibilities,
> you're brute forcing.

Any algorithm that gives you an improvement on purely random guesses
can no longer be considered brute force.

> > I would add more #ifdefs to replace the call to rand with a read from 
> > /dev/urandom.  Using /dev/urandom to seed rand() only gets you 32 bits
> > of entropy (on most architectures).
> 
> This is the Right Thing imho.

Indeed.  If you have /dev/urandom available what's the point of using
rand at all?  Using it to seed rand is slightly better than the seed
suggested by Wall but doesn't buy you much extra entropy and never more
than 32 bits (on most architectures).

-- 
Paul Allen
Softflare Support
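As an added illustration of the /dev/urandom suggestion above (this is example code, not from the thread or from vpopmail's source), here is a salt generator that reads the salt bytes straight from /dev/urandom instead of seeding rand(). The function names gen_salt, read_urandom and salt_is_valid are made up for the example.

```c
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>

/* The 64-character alphabet crypt(3) accepts in a salt. */
static const char salt_chars[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Read exactly n bytes from /dev/urandom, retrying on short reads and EINTR.
 * Returns 0 on success, -1 on failure; the caller must then refuse to
 * build a salt rather than fall back to a weaker source. */
static int read_urandom(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (r == 0) { close(fd); return -1; }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Fill out[0..len-1] with salt characters and NUL-terminate (out must hold
 * len + 1 bytes).  Each urandom byte yields one 64-way symbol, i.e. 6 bits,
 * so a 16-character salt carries 96 bits of entropy.  Seeding rand() once
 * from /dev/urandom caps the whole salt at the seed's 32 bits no matter
 * how many rand() calls follow.  256 is a multiple of 64, so masking the
 * low 6 bits is uniform with no modulo bias. */
int gen_salt(char *out, size_t len)
{
    unsigned char raw[64];
    if (len == 0 || len >= sizeof raw)
        return -1;
    if (read_urandom(raw, len) != 0)
        return -1;
    for (size_t i = 0; i < len; i++)
        out[i] = salt_chars[raw[i] & 0x3f];
    out[len] = '\0';
    return 0;
}

/* 1 if s is non-empty and consists only of crypt salt characters, else 0. */
int salt_is_valid(const char *s)
{
    return s[0] != '\0' && strspn(s, salt_chars) == strlen(s);
}
```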