On Sun, Jan 28, 2007 at 11:52:16AM -0500, Steven M. Bellovin wrote:
> > 
> Is that all in one /etc/passwd file (or the NIS equivalent)?  Or is it a
> Kerberos KDC?  I note that a salt buys the defense much less in a

For SDSC, one file.  For UCSD, not sure, but I suspect it's (now) a KDC.
(Brian, are you on this list?)

> Kerberos environment, where capture of the KDC database lets an
> attacker roam freely, and the salt simply protects other sites where
> users may have used the same password.


> Beyond that, 60K doesn't make that much of a difference even with a
> traditional /etc/passwd file -- it's only an average factor of 15
> reduction in the attacker's workload.  While that's not trivial, it's
> also less than, say,  a one-character increase in average password
> length.  That said, the NetBSD HMAC-SHA1 password hash, where I had
> some input into the design, uses a 32-bit salt, because it's free.

I don't disagree with you.  I was just addressing your implication
(or at least, what I *read* as an implication ;-) that > 4096 users
was rare.

FWIW, the glibc MD5 crypt function uses a 48-bit hash.

also FWIW, salt lengths significatly affect  the work factor and storage
requirements for pre-computated hashes from dictionaries.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to