Re: [fw-wiz] Radius access from provider to internal MS ISA Server

From: Paul Robertson
Date: 07/05/02

From: Paul Robertson
To: "Kyle R. Hofmann"
Date: Fri Jul  5 18:17:01 2002

On Fri, 5 Jul 2002, Kyle R. Hofmann wrote:

> > IMO, strong passwords are dead- dictionaries are too good now, if you're
> > using reusable passwords, you should assume compromised credentials at
> > some level, especially if a third party gets to participate.
> Dictionaries are only too good if you use them to find your passwords.
> What's wrong with using a random device and a Perl script?:

Sorry, I wasn't clear enough- dictionaries alone aren't the issue of
course, it's just not that difficult to start MD5 and DESing everything
now, and admins at even mid-sized companies have hundreds of machines to
put on the problem and have had years to do so (and let's not talk about
trojaned machines.) Even "allwords" is at the tail end of the problem if
you store all the brute force answers to a dictionary every time you run

While there's theoretically value to line noise as passwords, I think it's
more prudent to assume that anything normally useful with only printable
characters has been dictionaried or brute-forced already (perhaps someone
can do the math and figure out what length still holds some value
assuming not having to start at zero every attack, I've just written it
off as a flawed scheme- admittedly one I still use in many places though.)

The issue with one way functions is that you only need to hash it once and
store the result. I know an individual with a CM5 (16k processors,) and
I've heard of at least two people with Crays at home- my meager 4-way
AS2100 pales in comparison, but you get the idea- home machines are no
longer necessarily "toys."

For interestingish reading:

That means that a minimum MD5 "block" is 64 bytes, so for a ca 2002-scaled
software performance of 2.1Gbits/second, we get a single-CPU software
MD5 performance near 4.1e6 single-block MD5 operations per second.

These numbers are, of course, assuming that any key-guessing attacker
is resource-constrained to a single CPU. In reality, distributed
cryptographic key-guessing attacks have been remarkably successful in
the recent past.

> Try finding O6G2c}S#@|TS in a dictionary. And if you can't remember it,
> write it down on a slip of paper and put it in your wallet.

12 bytes seems to be the bare minimum for a useful key if you assume
compromise of the hashed value.

Paul D. Robertson
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
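
The arithmetic the message asks for ("perhaps someone can do the math"), as an added example that is not part of the original post: it derives the single-block MD5 rate from the quoted 2.1 Gbit/s figure and estimates how long a hash-once-and-store table takes to build for a given password length. The 95-character printable alphabet, the CPU counts and the naive table layout are assumptions made for the estimate.

```python
MD5_BLOCK_BITS = 64 * 8      # one 64-byte MD5 block, as stated in the post
THROUGHPUT_BPS = 2.1e9       # 2.1 Gbit/s software MD5 figure quoted in the post
PRINTABLE = 95               # assumption: printable ASCII, space included
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def single_block_rate(throughput_bps=THROUGHPUT_BPS):
    """Single-block MD5 operations per second on one CPU."""
    return throughput_bps / MD5_BLOCK_BITS


def keyspace(length, alphabet=PRINTABLE):
    """Number of candidate passwords of length 1..length."""
    return sum(alphabet ** n for n in range(1, length + 1))


def years_to_precompute(length, cpus=1, alphabet=PRINTABLE):
    """CPU-parallel time to hash every candidate once (unsalted hash)."""
    per_second = single_block_rate() * cpus
    return keyspace(length, alphabet) / per_second / SECONDS_PER_YEAR


def table_bytes(length, alphabet=PRINTABLE, digest_len=16):
    """Assumed naive storage: one 16-byte digest plus the password per entry."""
    return keyspace(length, alphabet) * (digest_len + length)


def min_length(cpus, years, alphabet=PRINTABLE):
    """Shortest length whose full precomputation exceeds the given budget."""
    length = 1
    while years_to_precompute(length, cpus, alphabet) < years:
        length += 1
    return length


if __name__ == "__main__":
    print(f"single-block MD5/s per CPU: {single_block_rate():.3g}")
    for n in (6, 8, 10, 12):
        # 1000 CPUs is an assumed stand-in for "hundreds of machines"
        print(f"len {n:2d}: {years_to_precompute(n, cpus=1000):.3g} years "
              f"on 1000 CPUs, table ~{table_bytes(n):.3g} bytes")
    print("min length for 100 years on 1000 CPUs:", min_length(1000, 100))
```

Because the result of each hash is stored, the years figure is a one-time cost spread over however long the attacker has been running, not a per-attack cost.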