On Fri, Aug 20, 2010 at 7:38 PM, Jonathan Leybovich wrote:
> These attacks (typically aimed at digital signatures) do not allow themselves
> the luxury of assuming the extremely small pre-image space that is typical for
> user-entered passwords, though. This makes brute-force attacks feasible an
Liangent wrote:
> On 8/20/10, Aryeh Gregor wrote:
>> They can do things like intercept any connections to the site,
>> providing a forged certificate for HTTPS via a CA they control, and
>> steal passwords or cookies.
>
> See this: https://bugzilla.mozilla.org/show_bug.cgi?id=542689
The solution
On 8/20/10, Aryeh Gregor wrote:
> They can do things like intercept any connections to the site,
> providing a forged certificate for HTTPS via a CA they control, and
> steal passwords or cookies.
See this: https://bugzilla.mozilla.org/show_bug.cgi?id=542689
On Saturday 21 August 2010 08:17:17 MZMcBride wrote:
> Tgr wrote:
> > A totalitarian government going after checkuser access is not
> > an unimaginable scenario either.
>
> Yes, it is.
Well, given that he has just imagined it, it is definitely not unimaginable :)
Aryeh Gregor wrote:
> I don't think so. I think it's completely reasonable, when talking
> about Wikipedia. Hackers go after money, and there's no money in
> hacking Wikipedia. We have nothing secret or valuable that's not
> already readily available. We have no black-market competitors who
> w
Aryeh Gregor wrote:
> As I noted above, there are hash functions whose security is provable
> based on the exact same assumptions used to prove security of various
> popular asymmetric encryption schemes. As I also noted above, there
> are problems with naively trying to use public-key encryption
> -Original Message-
> From: wikitech-l-boun...@lists.wikimedia.org
> [mailto:wikitech-l-boun...@lists.wikimedia.org] On Behalf Of
> Tim Starling
> Sent: 19 August 2010 07:37
> To: wikitech-l@lists.wikimedia.org
> Subject: [Wikitech-l] New password hashing proposa
On Thu, Aug 19, 2010 at 8:20 PM, Tim Starling wrote:
> In a past life, I was a PhD student working on a broad military-funded
> project which aimed to break all known asymmetric cryptography schemes
> using large, expensive machines known as quantum computers.
There are more than a few asymmetric
Aryeh Gregor writes:
> I don't think so. I think it's completely reasonable, when talking
> about Wikipedia. Hackers go after money, and there's no money in
> hacking Wikipedia. We have nothing secret or valuable that's not
> already readily available. We have no black-market compe
Ryan Lane wrote:
>> http://newsarse.com/2010/08/13/if-you-can-remember-your-password-then-its-hopelessly-inadequate-warn-researchers/
>>
>> Passwords suck, and people are a problem. Now, if we could distribute
>> RSA fobs to every editor ...
>>
>>
>
> We could do a less secure, but more-secure
On Thu, Aug 19, 2010 at 5:20 PM, Tim Starling wrote:
> In a past life, I was a PhD student working on a broad military-funded
> project which aimed to break all known asymmetric cryptography schemes
> using large, expensive machines known as quantum computers. There will
> come a point, maybe even
On 20/08/10 05:55, Aryeh Gregor wrote:
> On Thu, Aug 19, 2010 at 2:37 AM, Tim Starling wrote:
>> The number of WHIRLPOOL iterations is specified in the output string
>> as a base-2 logarithm (whimsically padded out to 3 decimal digits to
>> allow for future universe-sized computers). This number c
On 20/08/10 04:18, Jonathan Leybovich wrote:
> Plus I would wager that asymmetric ciphers will stand up to attacks far
> longer than most hashing functions.
In a past life, I was a PhD student working on a broad military-funded
project which aimed to break all known asymmetric cryptography scheme
On Thu, Aug 19, 2010 at 5:44 PM, David Gerard wrote:
> People are also going to keep thinking they're clever by using "fuck"
> as a password. Remember last time?
>
> http://davidgerard.co.uk/notes/2007/05/07/tubgirl-is-love/
Admins need to be forced to use secure passwords, using some standard
in
> People are also going to keep thinking they're clever by using "fuck"
> as a password. Remember last time?
>
> http://davidgerard.co.uk/notes/2007/05/07/tubgirl-is-love/
>
> A better password algorithm will at least solve a part of the problem
> that's understood. Anyone who would choose to use
> There is no point in providing options that virtually no one will use.
> It wastes the effort of all the people who have to maintain the
> relevant code, and it's yet more distraction on our already
> way-too-bloated preferences page. And it will not be useful to anyone
> when someone turns on
On 19 August 2010 22:37, Aryeh Gregor wrote:
> Do you think that more than 0.01% of Wikimedia users will enable any
> such preference if provided?
People are also going to keep thinking they're clever by using "fuck"
as a password. Remember last time?
http://davidgerard.co.uk/notes/2007/05/07/
On Thu, Aug 19, 2010 at 5:16 PM, Lane, Ryan wrote:
> Though SMS has a number of vulnerabilities, as listed in the link, in
> practical terms, it is likely to be safer than email for one time passwords.
> Remember: one time passwords are used as a form of two factor
> authentication. The SMS is sent
> On Thu, Aug 19, 2010 at 10:50 AM, Ryan Lane wrote:
>> We could do a less secure, but more-secure-than-passwords
>> alternative,
>> which is to use email or SMS as a one time password device. SMS is
>> obviously more secure than email, but would require us to ask people
>> for their phone numb
> > We could do a less secure, but more-secure-than-passwords
> alternative,
> > which is to use email or SMS as a one time password device. SMS is
> > obviously more secure than email, but would require us to ask people
> > for their phone numbers.
>
> SMS has loads of vulnerabilities:
>
> htt
On Thu, Aug 19, 2010 at 2:37 AM, Tim Starling wrote:
> The problem with the standard key strengthening algorithms, e.g.
> PBKDF1, is that they are not efficient in PHP. We don't want a C
> implementation of our scheme to be orders of magnitude faster than our
> PHP implementation, because that wou
Tim Starling wrote:
> You don't need to store the original passwords in a recoverable form
> in order to rehash them. You can just apply extra hashing to the old
> hash. This is how the A->B transition worked, and it's how the B->C
> transition should work too, unless someone knows of some kind of
> http://newsarse.com/2010/08/13/if-you-can-remember-your-password-then-its-hopelessly-inadequate-warn-researchers/
>
> Passwords suck, and people are a problem. Now, if we could distribute
> RSA fobs to every editor ...
>
We could do a less secure, but more-secure-than-passwords alternative,
whic
On 20/08/10 00:12, Jonathan Leybovich wrote:
>> Tim Starling wrote:
>>
>> So the time has probably come for us to come up with a "C" type
>> password hashing scheme, to replace the B-type hashes that we use
>> at the moment.
>
> What about using public key cryptography? Generate a key-pair and
> Tim Starling wrote:
>
> So the time has probably come for us to come up with a "C" type
> password hashing scheme, to replace the B-type hashes that we use at
> the moment.
What about using public key cryptography? Generate a key-pair and use the
"public" key to produce your password hashes
On 19/08/10 19:02, Robert Rohde wrote:
> Let me preface my comment by saying that I haven't studied WHIRLPOOL,
> and the following may not apply to it at all.
>
> However, it is known that some block cypher based hashes behave poorly
> when fed repeated copies of the same block. In the worst case
On 19 August 2010 10:02, Robert Rohde wrote:
> As a complementary approach it would be nice if there was something in
> Mediawiki to aid in the selection of strong passwords. Regardless of
> hash function, it will still take about two billion times longer to
> find one 10 character password in [
On 19/08/10 18:45, Daniel Kinzler wrote:
> Tim Starling wrote:
>> It's been said (e.g. [1]) that hashing passwords with two rounds of
>> MD5 is basically a waste of time these days, because brute-forcing
>> even relatively long passwords is now feasible with cheap hardware.
>> Indeed, you can buy
On Wed, Aug 18, 2010 at 11:37 PM, Tim Starling wrote:
> The idea I came up with is to hash the output of str_repeat(). This
> increases the number of rounds of the compression function, while
> avoiding tight loops in PHP code.
> My proposed hash function is a B-type MD5 salted hash, which is t
Tim Starling wrote:
> It's been said (e.g. [1]) that hashing passwords with two rounds of
> MD5 is basically a waste of time these days, because brute-forcing
> even relatively long passwords is now feasible with cheap hardware.
> Indeed, you can buy software [2] which claims to be able to check
It's been said (e.g. [1]) that hashing passwords with two rounds of
MD5 is basically a waste of time these days, because brute-forcing
even relatively long passwords is now feasible with cheap hardware.
Indeed, you can buy software [2] which claims to be able to check 90
million MediaWiki passwords
31 matches