Re: [Full-disclosure] Salted passwords



I'm not a crypto guru, but it seems to me that this issue can be
crypto-anlayses somewhat like the speedups used to find hash collisions (if
I understand them at all).

The goal in both cases is to find a hash that 'collides' with a known hash
(password hash, or CC number of 6 BIN digits, 9,999,999,999 values and 1
checkdigit) from a known format.
i.e pre-compute some portion of the salt+_static_string_portion, then
brute-force the remainder of the string.

As long as the salt is private or long enough, then does it matter?
lyalc


-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of T Biehn
Sent: Tuesday, 11 August 2009 6:51 AM
To: Valdis.Kletnieks@xxxxxx
Cc: full-disclosure
Subject: Re: [Full-disclosure] Salted passwords

Valdis,
I don't have control over the set. Sorry I wasn't more explicit about this.
Although, it should have been obvious that the solution needed to satisfy
the conditions:
Data to one way hash.
The set has 9,999,999,999 members.

Thanks for your input sweetie!

-Travis

On Mon, Aug 10, 2009 at 4:26 PM, <Valdis.Kletnieks@xxxxxx> wrote:
On Sun, 09 Aug 2009 20:14:57 EDT, T Biehn said:
Soliciting random suggestions.
Lets say I have data to one-way-hash.
The set has 9,999,999,999 members.

Actually, if you're using a 10-digit decimal field, you probably have
10**10 possible members - all-zeros counts too (unless there's *other*
reasons zero isn't a legal ID).  It's those little off-by-one errors that
tend to get you.
;)

It's relatively easy to brute force this, or create precomp tables.

That's because you only have 10M billion members to brute force against.

So you add a salt to each.

A better idea cryptographically would be to fix the 10**10 member
limit, so that the set *could* have a much higher possible number of
members.  Even staying at 10 characters, but allowing [A-Za-z0-9] (62
possible chars) raises your space to 62**10 or about 8.3*10**17 (or almost
10M times the difficuly).
That's why most symmetric crypto algorithms use at least 64-bit or
even larger keys, and even larger for RSA and similar public-key systems.





--
pgp http://pastebin.com/f6fd606da pgp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages