> I must be missing something. A brute force attack on a one byte password > must be prepared for 256 attempts. The same attack on a two byte password > must be prepared for 65,536 attempts which is significantly more than the > 512 you suggest. How is the increase not exponential?
This is why I wrote "flawed implementation". The first 8-bytes behave as expected, meaning that each additional character in the password candidate increases the effort exponentially (depending on the alphabet size, which is not 256, but much smaller). One would expect that the 9th byte will increase the effort also exponentially, but this is not the case. The password phrase hash can be split into blocks of 8 bytes, and each of them "cracked" independently, also in parallel. Another flaw, concerning the hash storage, allows for collisions in the last block, if the phrase length is not exactly multiple of 8. This means that, cryptographically, the attack complexity is almost the same as for 8-byte passwords (except for the plain text alphabet, which for phrases is larger). I'd rather not give out the implementation details on the list as everybody seems to be a bit paranoid about releasing tech specs about this stuff (aid the hackers, etc.). Costin ________________________________ From: retired mainframer <[email protected]> To: [email protected] Sent: Monday, 2 September 2013, 0:16 Subject: Re: RACF Database protection :>: -----Original Message----- :>: From: IBM Mainframe Discussion List [mailto:[email protected]] On :>: Behalf Of Costin Enache :>: Sent: Sunday, September 01, 2013 12:04 PM :>: To: [email protected] :>: Subject: Re: RACF Database protection :>: :>: Small :>: clarification: The usage of password phrases instead of passwords does :>: not :>: increase the complexity of a brute-force attack against the encrypted :>: hashes, :>: in case the RACF DB gets compromised (flawed / insecure DES :>: implementation). :>: The time required for recovering a 16-byte password phrase is two times :>: the time :>: required for an eight-byte password, for a 24-byte phrase three times, :>: etc. :>: (the required time does not increase exponentially, as expected). I must be missing something. A brute force attack on a one byte password must be prepared for 256 attempts. The same attack on a two byte password must be prepared for 65,536 attempts which is significantly more than the 512 you suggest. How is the increase not exponential? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
