On Mon, Aug 20, 2007 at 09:57:38AM +0400, Stanislav Maslovski wrote:
> On Sun, Aug 19, 2007 at 10:51:51AM -0700, Russ Allbery wrote:
> > Stanislav Maslovski <[EMAIL PROTECTED]> writes:
> >
> > > What do you say, can MD5-based OPIE system be still considered secure?
> > > In the repository there are opie-server and opie-client.
> >
> > > Do I understand right that the strength of this system is the strength of
> > > one step of MD5? Are there any alternatives where a different hashing
> > > function can be chosen (if that is advisable)?
> >
> > The weakness in MD5 is not yet of the type that is likely to compromise
> > OPIE systems, IMO. The attacker still has to have quite a lot of control
> > over what's being compared. Of course, changing to a better hash
> > algorithm is still a good idea.
>
> Another thing that bothers me is that OPIE's hash is 64 bits. If the
> infamous birthday attack applies here then only about 2^32 tries are needed

No, I am probably wrong. It does not apply when one sequence (the last
password) from a pair of sequences is fixed, right? So, it is full 2^64 space.

--
Stanislav
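
Added example, not part of the original thread or of the OPIE code: it measures the difference between the two search problems discussed above, finding any colliding pair (birthday bound, about 2^(n/2) tries) versus matching one fixed stored value (about 2^n tries). Assumptions: MD5 is folded to 64 bits by XORing its two halves in the manner of RFC 2289 (byte order here is not claimed to be wire-compatible), the output is cut to 16 bits so the search finishes quickly, and all inputs are constructed.

```python
import hashlib

BITS = 16  # demo width only (assumption); OPIE's folded output is 64 bits


def fold64(data: bytes) -> int:
    """MD5 digest folded to 64 bits by XORing its two 8-byte halves."""
    d = hashlib.md5(data).digest()
    return int.from_bytes(d[:8], "big") ^ int.from_bytes(d[8:], "big")


def toy_hash(data: bytes, bits: int = BITS) -> int:
    """Folded MD5 truncated to `bits` bits so the experiment is feasible."""
    return fold64(data) & ((1 << bits) - 1)


def find_collision(bits: int = BITS):
    """Birthday search: ANY two distinct inputs with equal hashes."""
    seen = {}
    # 2^bits + 1 distinct inputs guarantee a collision (pigeonhole).
    for i in range((1 << bits) + 1):
        msg = b"c%d" % i
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise AssertionError("unreachable: pigeonhole guarantees a collision")


def find_preimage(target: int, bits: int = BITS, limit=None):
    """Fixed-target search: an input hashing to one GIVEN value, which is
    the situation when the server's stored last password is fixed."""
    limit = limit or (20 << bits)
    for i in range(limit):
        msg = b"p%d" % i
        if toy_hash(msg, bits) == target:
            return msg, i + 1
    return None, limit


# Constructed stand-in for the value the server has stored.
TARGET = toy_hash(b"stored-last-otp (constructed sample)")

if __name__ == "__main__":
    a, b, n_coll = find_collision()
    msg, n_pre = find_preimage(TARGET)
    print(f"collision after {n_coll} tries (2^{BITS // 2} = {1 << (BITS // 2)})")
    print(f"fixed target matched after {n_pre} tries (2^{BITS} = {1 << BITS})")
```

The same scaling at OPIE's real width gives roughly 2^32 work for an arbitrary colliding pair and roughly 2^64 for a value that must match the fixed stored one.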

