Re: [fw-wiz] Radius access from provider to internal MS ISA Server

From: Paul Robertson (proberts@patriot.net)
Date: 07/05/02


From: Paul Robertson <proberts@patriot.net>
To: "Kyle R. Hofmann" <krh@lemniscate.net>
Date: Fri Jul  5 18:17:01 2002

On Fri, 5 Jul 2002, Kyle R. Hofmann wrote:

> > IMO, strong passwords are dead- dictionaries are too good now, if you're
> > using reusable passwords, you should assume compromised credentials at
> > some level, especially if a third party gets to participate.
>
> Dictionaries are only too good if you use them to find your passwords.
> What's wrong with using a random device and a Perl script?:

Sorry, I wasn't clear enough- dictionaries alone aren't the issue of
course, it's just not that difficult to start MD5 and DESing everything
now, and admins at even mid-sized companies have hundreds of machines to
put on the problem and have had years to do so (and let's not talk about
trojaned machines.) Even "allwords" is at the tail end of the problem if
you store all the brute force answers to a dictionary every time you run
crack/john.

While there's theoretically value to line noise as passwords, I think it's
more prudent to assume that anything normally useful with only printable
characters has been dictionaried or brute-forced already (perhaps someone
can do the math and figure out what length still holds some value
assuming not having to start at zero every attack, I've just written it
off as a flawed scheme- admittedly one I still use in many places though.)

The issue with one way functions is that you only need to hash it once and
store the result. I know an individual with a CM5 (16k processors,) and
I've heard of at least two people with Crays at home- my meager 4-way
AS2100 pales in comparison, but you get the idea- home machines are no
longer necessarily "toys."

For interestingish reading:

http://www.ietf.org/internet-drafts/draft-ietf-idr-md5-keys-00.txt

That means that a minimum MD5 "block" is 64 bytes, so for a ca 2002-scaled
software performance of 2.1Gbits/second, we get a single-CPU software
MD5 performance near 4.1e6 single-block MD5 operations per second.

These numbers are, of course, assuming that any key-guessing attacker
is resource-constrained to a single CPU. In reality, distributed
cryptographic key-guessing attacks have been remarkably successful in
the recent past.

> Try finding O6G2c}S#@|TS in a dictionary. And if you can't remember it,
> write it down on a slip of paper and put it in your wallet.

12 bytes seems to be the bare minimum for a useful key if you assume
compromise of the hashed value.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
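
Added example (not part of the original message): the "do the math" arithmetic, worked from the figures quoted above (2.1 Gbit/s software MD5, 64-byte blocks, a 16k-processor machine). The 95-character printable alphabet, the 500-machine fleet, the 100-year target, every CPU sustaining the quoted rate, and unsalted hashes for the stored table are assumptions of this example.

```python
# Added example: brute-force arithmetic from the figures quoted in the message.
PRINTABLE = 95                    # assumption: printable ASCII incl. space
THROUGHPUT_BITS = 2.1e9           # quoted: 2.1 Gbit/s software MD5
BLOCK_BITS = 64 * 8               # quoted: minimum MD5 block is 64 bytes
SECONDS_PER_YEAR = 365 * 24 * 3600
MD5_DIGEST_BYTES = 16


def md5_rate():
    """Single-block MD5 operations per second on one CPU."""
    return THROUGHPUT_BITS / BLOCK_BITS


def keyspace(length):
    """Number of random printable passwords of exactly `length` characters."""
    return PRINTABLE ** length


def years_to_exhaust(length, cpus=1):
    """Years to hash every candidate once, assuming each CPU runs at md5_rate()."""
    return keyspace(length) / (md5_rate() * cpus) / SECONDS_PER_YEAR


def table_bytes(length):
    """Storage to keep every (password, digest) pair after hashing it once.
    Only meaningful for unsalted hashes (assumption)."""
    return keyspace(length) * (length + MD5_DIGEST_BYTES)


def min_length(target_years, cpus):
    """Shortest length whose full search takes at least `target_years`."""
    length = 1
    while years_to_exhaust(length, cpus) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    print(f"single-CPU rate: {md5_rate():.2e} MD5/s")
    for cpus in (1, 500, 16384):   # 500 is an assumed fleet size; 16k is the CM5
        for n in (8, 10, 12):
            print(f"cpus={cpus:>5} len={n:>2} "
                  f"years={years_to_exhaust(n, cpus):.3g} "
                  f"table={table_bytes(n) / 1e15:.3g} PB")
    print("min length for 100 years vs 16384 CPUs:", min_length(100, 16384))
```
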