Nick Harring writes:

> Storing cleartext passwords is generally horrible security, so this and
> that don't really relate to each other.

Except to the extent that vpopmail now supports cleartext passwords
(I have a vague memory they're needed for CRAM authentication)

> I whole heartedly agree. I've been poking around with #ifdef'ing around
> the seeding of srandom, however I think your later suggestion of just
> replacing rand() with reads from /dev/urandom is the Right Way.

It's slightly more efficient not to seed rand if you're not going to use
> Brute force is not the only attack.  Precomputed attacks can be very 
> effective if the salt space is small.
> Precomputed attacks are brute force,

I beg to differ.  They are force, but not brute force.  Brute force
is trying random passwords until you succeed.  A precomputed attack
relies upon the fact that many people choose poor passwords, as does
crack.  Neither are brute force because they reduce the search space
in a semi-intelligent fashion.  In fact a precomputed attack is somewhat
more intelligent than crack as the computer-intensive part is stored
for re-use.

> Precomputation just reduces the time frame required to run said brute
> force attack. If you're guessing at each element, without any feedback
> or algorithm other than trying a list of sequential possibilities,
> you're brute forcing.

Any algorithm that gives you an improvement on purely random guesses
can no longer be considered brute force.

> > I would add more #ifdefs to replace the call to rand with a read from 
> > /dev/urandom.  Using /dev/urandom to seed rand() only gets you 32 bits
> > of entropy (on most architectures).
> This is the Right Thing imho.

Indeed.  If you have /dev/urandom available what's the point of using
rand at all?  Using it to seed rand is slightly better than the seed
suggested by Wall but doesn't buy you much extra entropy and never more
than 32 bits (on most architectures).

Paul Allen
Softflare Support

Reply via email to