lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 10 Aug 2009 10:35:55 -0400
From: T Biehn <tbiehn@...il.com>
To: Richard Golodner <rgolodner@...ratection.com>, 
	full-disclosure <Full-Disclosure@...ts.grok.org.uk>
Subject: Re: Salted passwords

Richard,
The approach I outline in my post is the correct one, that is, making
it computationally expensive to crack. I'm not trying to protect
passwords, think anonymizing account numbers and the like.. That is,
the possible combinations are a set that is unacceptably small.
Without an expensive compute step it's trivial to brute force given a
static salt location...

(excuse my use of shitty pseudocode, assume homogeneous length 10)

Typically the test is:

if storedHash = hashFcn(userPassword & storedSalt) //9,999,999,999 tests

if you randomly store the storedSalt ANYWHERE within userPassword, it becomes

for (int i=0; i<len(userPassword); i++) {
    String toTest = substring(userPassword,0,i) & storedSalt &
substring(userPassword,i)
    if storedHash = hashFcn(toTest) {
       return true;
    }
}
return false; //99,999,999,990 tests

and like hashFcn could be

for (int i=0;i<expensive;i++) {
x = pgp(x);
x = md5(x);
}
return x;

It'd be heavy if pgp were using 4096 bitsize keys. Tweak 'expensive'
to match average acceptable test time. (5 seconds to run 10 tests.)

The set size increases, and brute force attempts become more difficult
(as for each brute force test in the set you must test 'strlength'
times). That is, in a set of homogeneous length strings the hash set
is set size times string length.

I believe this is a rather typical approach. I'm interested to see if
someone else has any other ideas/accepted methods for effectively
increasing the hash set size without increasing the value set size.

It's more so that I'm trawling the net for like minded individuals
rather than soliciting actual advice. Other methods are fairly
obvious.
Using two salts with random locations, etc.

I'm afraid it follows, though, that I reach a point where it's too
expensive, and thus login to a service will suffer an unacceptable
delay, this limitation precludes me from preventing against cracking
by the "10 million dollar computer" and certainly such a scheme will
not be 'future proof.'

-Travis

On Sun, Aug 9, 2009 at 11:56 PM, Richard
Golodner<rgolodner@...ratection.com> wrote:
**REDACTED**
"explain please"
**REDACTED**

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ