lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Sep 2014 13:37:19 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PolyPassHash is broken

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/15/2014 12:48 PM, Tony Arcieri wrote:
> On Mon, Sep 15, 2014 at 9:46 AM, Bill Cox
> <waywardgeek@...hershed.org> wrote:
> 
>> Would something like that work?
>> 
> 
> Unattended boot is pretty essential for any mission critical
> system, so probably not.
> 
> There are other ways to solve this problem though, like a hardware
> device that is only accessible at the time a computer boots.
> 

I agree that there are alternatives that do provide increased password
database security while allowing unattended boot.

Another thought would be to do the same for users as admins: until the
secret is derived, force users to answer a security question they set
up before, or send them a PIN on their phone as a second factor.  This
would only inconvenience users until the secret key is derived.

In any case, I have to agree with Steve that leaking parts of the
password hashes is a security risk.  I liked the security of
PolyPassHash up to that point, though it certainly would have
restricted use-cases if multiple admins were required to boot the
system and get the server back online.  I'm just wondering if
PolyPassHash could be use to enable more convenient login most of the
time, while providing at least the security level of having users
answer security questions all of the time.

This really isn't my area... I suspect Alexander would have more
insight into what is acceptable for most authentication servers.  This
is partly why I skipped reviewing PolyPassHash.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUFyPLAAoJEAcQZQdOpZUZq/EP/Rr/6LXxFcDG8plxAIwpQvRV
WhPjpZ5nmmQTRnOko2H28fYtt8EPLXnhuM5IuHok8VZpwyfezjoPyL62qkuMICaH
WU9f68vtxaH0TIIqDVMkTLSLqPGoYn3hbxfBKIWyk5r7RPQi0hOAB4nxAsQnBbWU
KLBzAmh/SxCrWkXKZnneA0MPfVL9oCmtuwQvHhmQMTTu+ZwMK1rayjoN/R+NcMqU
fYwcLvFs5gkEGg/XtYTiKGT9Py6JhOeVVmiSIzZRhLZ6alhf7L4JxEGreeiqYxe+
rjZ994dttJL+/slJsUIZks1LwW0t14yFY+H4KDD7cXw533mOAuTO+lhm4W0GVs0G
pj8I8NlvPhOMfS1srI/TAuhYYTl2rwtVpNPgh43rnV/vju+URd0+g7RNCQUa/x8K
g6iVP924vEL0H0FKjjZJAFw0Jcktwm7I3iFx0XUyw6NRUD1TPDi4DqCvxN+FXVUt
CcjqstmowkoK70viK6ixNHFCV49i9ptyqh2ZSgcvUkJf3jlDZoT8czzQj6OH2K6c
RVxyKE476HRRPhyolLPWyWUWO978ozO4WhqMkXQROtxJzyVX7VFBW+PR80yzHn7G
VJ103Y9hOB3SFpRS5ycptYZMi6QtQeIaOD9Mg70PBJ8zYz+ZrjMYzlmCSsT+TP2u
cSE+dTA/lXxRQyl4n0NM
=pSLZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists