Re: PHK's MD5 might not be slow enough anymore



On Thu, 28 Jan 2010 17:53:30 -0500
Roger <rnodal@xxxxxxxxx> wrote:


The point of slowing down the algorithm is to protect against
off-line attack where an attacker has gained access to a copy of
master.passwd.

When say "off-line attack" do you refer to the attacker running a
brute force attack on his/her machine?

Yes

I'm assuming that by using a slow algorithm the attacker is forced to
use the same slow algorithm to check the passwords?

Hopefully

Any hashing has to be done when the password is set, so it's fixed
thereafter.


The thread is about password hashing, which is not a mechanism to
slow-down and back-off login attempts.


_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: yet another hash algorithm
    ... quality hash in much less than 64 rounds, as an attacker could attack ... used the novel techniques first" in this thread. ...  Rightward information flow is the ... blocks that, when hashed using that algorithm, produce hashes that are ...
    (sci.crypt)
  • Re: what should "k-bit security" mean?
    ... What is the time t of an attack? ... algorithm to end of execution of the algorithm. ... Suppose the problem is inverting SHA1. ...
    (sci.crypt)
  • Re: what should "k-bit security" mean?
    ... |>An algorithm that provides X bits of strength would, on average, take ... And this is the measure that we used in the NTRU paper ... because some keys take so much less time than others to attack ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
    (sci.crypt)
  • Re: Simple block cypher for 8-bit microcontrollers
    ... I do have specific applications in mind, but until I can be sure that the algorithm is correct, I'll be using other well known algorithms in my specific applications;) ... block ciphers. ... There are many variations on the basic slide attack. ...
    (sci.crypt)
  • Re: Algorithm Strength Scale
    ... therefore rendering it useless for serious purposes. ... It is arguable that this delivers an equivalent key in an equivalent algorithm, but it certainly does not recover the "functional key" of the original algorithm, and may not necessarily be possible to convert to the key itself. ... Admittedly, this is a significantly unusual form of attack, but it certainly violates the statement that there are "only ... ... It has no relation to reality, only serves to provide an appearance of thoughtfulness. ...
    (sci.crypt)