Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Securing encrypted data in RAM vs MSSQL

RE: Securing encrypted data in RAM vs MSSQL

From: Mark Curphey <mark_at_curphey.com>
Date: Thu, 1 Jul 2004 15:44:12 -0400

Hi Martin,

Heuristically ? What tools ? Are you referring to Pseudo collisions ?

If you can pick up a pattern (apart from its entropy) of any sort on the
cipher text of a one way hash function then it is by definition broken, or
am I missing something? I maybe wrong but you maybe referring to pseudo
collisions as described by Hands Dobbertin in his paper in the 90's? If so
there is a big difference between pseudo collisions and real world attacks
(and his work was on MD4 not 5). I am not aware of any work proving real
collisions, anyone ?

Pre-computing dictionaries is one thing although implementations can be
designed so this becomes impractical. Dictionary attacks will always be
possible but again with a suitable salt and password entropy this should not
be practical.

As with most crypto (IMHO) the implementation usually lets the design down !
I am all for picking holes in implementations but I think need to be careful
to say "there is always a way to recover the real password or login from a
hash".

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN_at_libertis.ga]
Sent: Thursday, July 01, 2004 1:44 PM
To: Dean Saxe
Cc: webappsec_at_securityfocus.com; forensics_at_securityfocus.com
Subject: RE: Securing encrypted data in RAM vs MSSQL

Yep sure, it should harden the security of the hashes...depending of what
kind of salt as well! :) But in that case some tools also improved and have
heuristical techniques to go quicker.

The time needed depends of the softwares you are using! IBM Watson's Lab. or
the NSA Labs shounld do this quicker than my laptop! :)

-----Message d'origine-----
De : Dean Saxe [mailto:Dean.Saxe_at_DigitalInsight.com]
Envoyé : jeudi 1 juillet 2004 18:35
À : Bénoni MARTIN; Toro, Daniel; Stan Guzik; Dave Andrews;
webappsec_at_securityfocus.com; forensics_at_securityfocus.com Objet : RE:
Securing encrypted data in RAM vs MSSQL

Shouldn't a salt value added to the plaintext before hashing effectively
make this kind of a dictionary attack much more difficult, if not
impossible, to perform since you would have to recover the salt and
plaintext?

-dhs

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN_at_libertis.ga]
Sent: Thursday, July 01, 2004 1:19 PM
To: Toro, Daniel; Stan Guzik; Dave Andrews; webappsec_at_securityfocus.com;
forensics_at_securityfocus.com
Subject: RE: Securing encrypted data in RAM vs MSSQL

Well, there is always a way to recover the real password or login from a
hash...the matter's is the time it will take!

The method to "dehash" a hash is quite simple: as theorically a hash_1 can
be produced by a single pass_1/login_1/..., we can create a huge amount of
random pass_2/logins_2/..., hash them with MD5/SHA-1/... and then compare
each of them with our hash_1. ASA the two hashes are the same, we can pick
up the pass/login/... which produced hash_2. Quite simple but really long to
perform.

BTW, Cain & Abel, John the Ripper and Crack can perform such recoveries...
:)
Received on Jul 01 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos