lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3EF89C64.7060200@trustcenter.de>
Date: Tue, 24 Jun 2003 20:45:56 +0200
From: Götz Babin-Ebell <babin-ebell@...stcenter.de>
To: Nicholas Weaver <nweaver@...berkeley.edu>
Subject: Re: Algorimic Complexity Attacks

Hello Nicolas

Nicholas Weaver wrote:
> On Sun, Jun 08, 2003 at 06:17:38PM +0200, Pavel Kankovsky composed:
> 
>>We need a function having a (relatively) small set of results in order to
>>build a hash table. We can also assume the information about collisions
>>leaks out via a timing channel. Ergo, a persistent attacker can find
>>enough collisions by trial and error.
> 
> IF the hash is good, FINDING collisions doesn't necessarily help the
> attacker, as the attacker really needs to generate lots of collisions
> to make the searches O(n) instead of O(1), since that is teh key
> behind this attack.

You could do some improvement if you store the collisions
not in a list, but in a new hash table.

In that 2nd hash table you add a salt.

So the attacker must find many sets of data that result not only
in a collistion, but additional result in collisions in the
2nd hash table.

If the salt is some on the spot generated random data,
that should be nearly impossible...

Generating the 2nd hash table only if there at least n collissions
should keep the load on the system low...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (3397 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ