On 13 Feb 2013, at 21:54, Donald Stufft <[email protected]> wrote:

> On Wednesday, February 13, 2013 at 3:36 PM, Antoine Pitrou wrote:
>> Donald Stufft <donald.stufft <at> gmail.com> writes:
>>> 
>>> Why is it worse? SHA1 isn't terribly broken AFAIK.
>>> 
>>> Because you lower the available entropy, "birthday paradox". 
>> 
>> How so? Collisions are highly unlikely on a non-broken 160-bit hash function.
>> I don't understand how the birthday paradox is a practical problem.
>> 
>> Regards
>> 
>> Antoine.
> Sorry I was wrong about why. I asked the Security Researcher at work (I'm not
> an expert, I just implement solutions the experts come up with ;) )
> 
> bcrypt(sha1(plaintext)) is bad because sha1 shouldn't be used because it's been
> "broken". bcrypt(sha256(plaintext)) is better than just plain bcrypt(plaintext)
> because only considers a maximum number of characters (I believe it's in the
> 50's).
> 
> So basically bcrypt of a hash is secure as long as the hash is secure, but
> sha1 shouldn't be considered secure anymore.

You probably forgot to tell your security researcher that we *start* from sha1 
hashes. 

bcrypt(sha1(pt)) shouldn't be used as a "final algorithm" because sha1 is 
academically broken and might be real-world broken in the next few years to the 
point of actually reducing entropy a bit (but let's also remember that a normal 
average password has an estimated entropy in the range 20-40 bits). In fact, 
nobody here is suggesting using bcrypt(sha1(pt)) forever, and in fact the code 
would upgrade to bcrypt(pt) as soon as possible (first login).

But there is no question that it's far better to store bcrypt(sha1(pt)) in a 
database rather than sha1(pt). I would be surprised if somebody argued 
otherwise.
-- 
Giovanni Bajo   ::  [email protected]
Develer S.r.l.  ::  http://www.develer.com

My Blog: http://giovanni.bajo.it
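
The migration discussed in this thread, sketched as an added example that is not part of the original message or of any project's code: stored sha1(pt) values are wrapped in a slow hash without needing the plaintext, and each record is upgraded to the direct slow hash at the first successful login. Assumptions: PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt so the block runs without third-party packages, and the record layout, scheme names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for the stand-in KDF


def slow_hash(secret: bytes, salt: bytes) -> str:
    # Stand-in for bcrypt (assumption): PBKDF2-HMAC-SHA256 from the stdlib.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS).hex()


def wrap_legacy(sha1_hex: str) -> dict:
    """Offline step: needs only the stored sha1(pt) hex digest, not the plaintext."""
    salt = os.urandom(16)
    # The hex form is hashed so the slow hash never receives raw bytes
    # (a raw digest can contain NUL bytes).
    return {"scheme": "kdf-sha1", "salt": salt,
            "hash": slow_hash(sha1_hex.encode("ascii"), salt)}


def hash_direct(password: str) -> dict:
    """Target scheme: slow hash applied directly to the plaintext."""
    salt = os.urandom(16)
    return {"scheme": "kdf", "salt": salt,
            "hash": slow_hash(password.encode("utf-8"), salt)}


def login(record: dict, password: str):
    """Return (ok, record); a wrapped record is replaced on success."""
    if record["scheme"] == "kdf-sha1":
        secret = hashlib.sha1(password.encode("utf-8")).hexdigest().encode("ascii")
    elif record["scheme"] == "kdf":
        secret = password.encode("utf-8")
    else:
        return False, record  # bare sha1 or unknown scheme: refuse, never fall back
    candidate = slow_hash(secret, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])
    if ok and record["scheme"] == "kdf-sha1":
        # The plaintext is only available now, so this is the upgrade point.
        record = hash_direct(password)
    return ok, record
```

After `wrap_legacy` has been run over every row, the bare sha1 column can be dropped, so a database leak exposes only slow-hashed values even for accounts that never log in again.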




