Re: Iterative Password Hashing vs Strong Salt



"Kai" <kaisellgren@xxxxxxxxx> wrote in message news:7c22471c-4243-49a9-a9af-025d87e387ed@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
You are combining secret client data (user password) and secret server data
(unique to each user?) to form an encryption key which is then used to
encrypt and store some data on the server. Your worry then appears to be
that another user, or an attacker, can obtain this encrypted data in some
'illegal' way and then discover the key needed to decrypt it. Is this your
concern?

Actually, it is all pretty much clear to me right now, but there is
one thing I would like to discuss. Forget dictionary attacks,
rainbow tables and such, and only think about brute forcing for now.
Okay? We are still on the subject of Password Hashing. So, if I have a
preimage of 512 bits (randomly generated from urandom), for instance,
it would take 2^256 iterations to crack it on average, isn't that so?
So, if my preimage is 512 bits strong and if I use a 512-bit hash,
then it is pretty much useless to iteratively hash the preimage.

[snip]

As you suggest, if a key strengthening step doesn't increase the key space, it isn't doing its job.

But even in this case an attacker may not be able to mount an attack using this smaller key if the system is such that the process in which this key is used is better protected than the one in which the original key is used.

For example, if an attacker can only mount an attack by masquerading as a legitimate user, they will need a user key (password) even if the internal 'strengthened' key is actually shorter.





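Added illustration (not code from Kai or the original poster): a small Python sketch of what iterating the hash does and does not buy. PBKDF2-HMAC-SHA512 stands in for "iteratively hashing the preimage"; the salt and the toy dictionary are constructed for the demo. Iterating multiplies the attacker's cost per guess, but it cannot add preimages that were never there, so for a 512-bit urandom preimage hashed with a 512-bit hash the expected work is already around 2^511 hash rounds whether you iterate or not.

```python
import hashlib
import hmac
import math
import secrets

HASH = "sha512"
DKLEN = 64  # 512-bit derived key, to match the 512-bit hash discussed in the thread


def stretch(preimage: bytes, salt: bytes, iterations: int) -> bytes:
    """Iterated, salted hashing of the preimage (PBKDF2-HMAC-SHA512).
    Each verification, and therefore each attacker guess, costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac(HASH, preimage, salt, iterations, dklen=DKLEN)


def brute_force(target: bytes, salt: bytes, iterations: int, candidates):
    """Attacker who holds the stored value, the salt and the iteration count
    tries each candidate preimage in turn.
    Returns (recovered_preimage_or_None, guesses_made, total_hmac_rounds)."""
    guesses = 0
    for cand in candidates:
        guesses += 1
        if hmac.compare_digest(stretch(cand, salt, iterations), target):
            return cand, guesses, guesses * iterations
    return None, guesses, guesses * iterations


def expected_work_bits(preimage_bits: float, iterations: int) -> float:
    """log2 of the expected number of hash rounds to brute-force a uniformly random
    preimage of `preimage_bits` bits: half the space, times the per-guess cost.
    Iterations add log2(iterations) bits of work; they add no bits of key space."""
    return (preimage_bits - 1) + math.log2(iterations)


def derived_key_space_bits(preimage_bits: float) -> float:
    """Upper bound on the number of distinct derived keys: the hash cannot output
    more than 8*DKLEN bits, and iterating it cannot enlarge the preimage space."""
    return min(preimage_bits, 8 * DKLEN)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # constructed per-user salt
    # Constructed toy dictionary standing in for a small human-chosen password space.
    dictionary = [b"password", b"letmein", b"qwerty", b"hunter2", b"dragon", b"monkey"]
    iterations = 100_000
    stored = stretch(b"hunter2", salt, iterations)
    found, guesses, rounds = brute_force(stored, salt, iterations, dictionary)
    print(f"recovered {found!r} after {guesses} guesses = {rounds} HMAC rounds")
    # Low-entropy password: iteration is worth ~20 bits of attacker work.
    # 512-bit urandom preimage (Kai's case): the search is already infeasible,
    # and iterating moves the exponent without changing that.
    for bits in (40, 512):
        for it in (1, 2**20):
            print(f"preimage={bits:>3} bits  iterations=2^{int(math.log2(it)):<2} "
                  f"work=2^{expected_work_bits(bits, it):.0f}  "
                  f"key space<=2^{derived_key_space_bits(bits):.0f}")
```

The attacker's bill is guesses times iterations, which is why stretching only helps when the number of guesses is small enough for a multiplier to matter; the derived key space is bounded by the smaller of the preimage entropy and the hash width, and iteration never raises that bound.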


