On Sun, Jan 28, 2007 at 11:52:16AM -0500, Steven M. Bellovin wrote: > > > Is that all in one /etc/passwd file (or the NIS equivalent)? Or is it a > Kerberos KDC? I note that a salt buys the defense much less in a
For SDSC, one file. For UCSD, not sure, but I suspect it's (now) a KDC. (Brian, are you on this list?) > Kerberos environment, where capture of the KDC database lets an > attacker roam freely, and the salt simply protects other sites where > users may have used the same password. Agreed. > Beyond that, 60K doesn't make that much of a difference even with a > traditional /etc/passwd file -- it's only an average factor of 15 > reduction in the attacker's workload. While that's not trivial, it's > also less than, say, a one-character increase in average password > length. That said, the NetBSD HMAC-SHA1 password hash, where I had > some input into the design, uses a 32-bit salt, because it's free. I don't disagree with you. I was just addressing your implication (or at least, what I *read* as an implication ;-) that > 4096 users was rare. FWIW, the glibc MD5 crypt function uses a 48-bit hash. also FWIW, salt lengths significatly affect the work factor and storage requirements for pre-computated hashes from dictionaries. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
