mailing list archives
Re: passwd hashing algorithm
From: newsham () aloha net (Timothy Newsham)
Date: Fri, 21 Apr 1995 20:16:11 -1000 (HST)
My replies have always been in the context of what Shadow does for long
passwords. Yes, there has been some confusion in this thread. I was, uh,
quite shocked to see what David Wagner was really talking about because
it is pretty obvious that it has security problems. Essentially, it
removes the 1:1 cleartext to ciphertext relationship that some of us feel
crypt() has. I don't know what the new relationship is, but its probably
GodAwfulLarge to 1. Once you assume that there are GodAwfulMany passwords
which yield the same result, the 2^56 brute force attack is much easier.
The posted data just shows that two strings with differing salts
can hash to the same value (without the salt). This doesn't buy
you anything since the salt is used in the compare when doing
authentication. The post did not show that two passwords can
hash to the same value while using the same salt (and it doesn't
show that it can't either).
Your second statement (...but its probably ...) seems to be based
on nothing but pessimism.
John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh () rpp386 cactus org
Re: passwd hashing algorithm John Adams (Apr 17)
Re: passwd hashing algorithm Paul C Leyland (Apr 19)