Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/

fulldisclosure logo Full Disclosure mailing list archives

Re: Salted passwords
From: "Lyal Collins" <lyalc () isp net au>
Date: Tue, 11 Aug 2009 15:27:45 +1000
I'm not a crypto guru, but it seems to me that this issue can be
crypto-anlayses somewhat like the speedups used to find hash collisions (if
I understand them at all).

The goal in both cases is to find a hash that 'collides' with a known hash
(password hash, or CC number of 6 BIN digits, 9,999,999,999 values and 1
checkdigit) from a known format.
i.e pre-compute some portion of the salt+_static_string_portion, then
brute-force the remainder of the string.

As long as the salt is private or long enough, then does it matter?
lyalc
 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of T Biehn
Sent: Tuesday, 11 August 2009 6:51 AM
To: Valdis.Kletnieks () vt edu
Cc: full-disclosure
Subject: Re: [Full-disclosure] Salted passwords

Valdis,
I don't have control over the set. Sorry I wasn't more explicit about this.
Although, it should have been obvious that the solution needed to satisfy
the conditions:
Data to one way hash.
The set has 9,999,999,999 members.

Thanks for your input sweetie!

-Travis

On Mon, Aug 10, 2009 at 4:26 PM, <Valdis.Kletnieks () vt edu> wrote:

On Sun, 09 Aug 2009 20:14:57 EDT, T Biehn said:

Soliciting random suggestions.
Lets say I have data to one-way-hash.
The set has 9,999,999,999 members.


Actually, if you're using a 10-digit decimal field, you probably have 
10**10 possible members - all-zeros counts too (unless there's *other* 
reasons zero isn't a legal ID).  It's those little off-by-one errors that

tend to get you.

;)


It's relatively easy to brute force this, or create precomp tables.


That's because you only have 10M billion members to brute force against.


So you add a salt to each.


A better idea cryptographically would be to fix the 10**10 member 
limit, so that the set *could* have a much higher possible number of 
members.  Even staying at 10 characters, but allowing [A-Za-z0-9] (62 
possible chars) raises your space to 62**10 or about 8.3*10**17 (or almost

10M times the difficuly).

That's why most symmetric crypto algorithms use at least 64-bit or 
even larger keys, and even larger for RSA and similar public-key systems.






--
pgp http://pastebin.com/f6fd606da pgp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]