Re: Password hashing

2007-10-18 Thread Tero Kivinen
Joseph Ashwood writes: On NetBSD HMAC-SHA1: There is a shortcut in the design as listed, using the non-changing password as the key allows for the optimization that a single HMAC can be keyed, then copied and reused with each seed. This shortcut actually speeds attack by a factor of 3. The

Re: Password hashing

2007-10-18 Thread Peter Gutmann
Martin James Cochran [EMAIL PROTECTED] writes: This might work, although 90% of the steps seem to unnecessarily (and perilously) complicate the algorithm. What's wrong with starting with input SALT || PASSWORD and iterating N times, where N is chosen (but variable) to make brute-force attacks

Re: Password hashing

2007-10-18 Thread Leichter, Jerry
| ... What's wrong with starting | with input SALT || PASSWORD and iterating N times, | | Shouldn't it be USERID || SALT || PASSWORD to guarantee that if | two users choose the same password they get different hashes? | It looks to me like this would make dictionary attacks harder too. As

Re: Password hashing

2007-10-18 Thread Joseph Ashwood
- Original Message - From: Tero Kivinen [EMAIL PROTECTED] Sent: Monday, October 15, 2007 5:47 AM Subject: Re: Password hashing Joseph Ashwood writes: On NetBSD HMAC-SHA1: There is a shortcut in the design as listed, using the non-changing password as the key allows

Re: Password hashing

2007-10-13 Thread Joseph Ashwood
Just combining several of my thoughts into a single email. On the Red Hat proposal: Why does every undereducated person believe that complexity==security? It is far better to rely on little things called proofs. There are several proofs out there with significant impact on this. In particular

Re: Password hashing

2007-10-13 Thread Ben Laurie
Steven M. Bellovin wrote: On Thu, 11 Oct 2007 22:19:18 -0700 james hughes [EMAIL PROTECTED] wrote: A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my knowledge has not had any rigorous analysis. The motivation for this is to replace MD-5

Re: Password hashing

2007-10-13 Thread Joseph Ashwood
- Original Message - From: Jim Gellman [EMAIL PROTECTED] To: Joseph Ashwood [EMAIL PROTECTED] Cc: Cryptography cryptography@metzdowd.com Sent: Saturday, October 13, 2007 1:25 PM Subject: Re: Password hashing I'm not sure I follow your notation. Are you saying that IV[n] is the n'th

Re: Password hashing

2007-10-13 Thread lists
, but they render the hashing scheme more vulnerable to dictionary attacks assisted by (near-)commodity hardware. Contrast with OpenBSD's blowfish scheme, which is deliberately designed to not be implementable using off-the-shelf crypto accelerator chips. Although there are password hashing

Re: Password hashing

2007-10-12 Thread james hughes
I forgot to add the links... http://people.redhat.com/drepper/sha-crypt.html http://people.redhat.com/drepper/SHA-crypt.txt On Oct 11, 2007, at 10:19 PM, james hughes wrote: A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my

Password hashing

2007-10-12 Thread james hughes
A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my knowledge has not had any rigorous analysis. The motivation for this is to replace MD-5 based password hashing at banks where MD-5 is on the list of do not use algorithms. I would prefer

Re: Password hashing

2007-10-12 Thread Steven M. Bellovin
On Thu, 11 Oct 2007 22:19:18 -0700 james hughes [EMAIL PROTECTED] wrote: A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my knowledge has not had any rigorous analysis. The motivation for this is to replace MD-5 based password hashing

Re: Password hashing

2007-10-12 Thread Adam Back
, or for avoidance of SHA1 since the partial attacks on it. Adam On Thu, Oct 11, 2007 at 10:19:18PM -0700, james hughes wrote: A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my knowledge has not had any rigorous analysis. The motivation