[1570] in bugtraq
Re: passwd hashing algorithm
daemon@ATHENA.MIT.EDU (Charlie Watt)
Fri Apr 21 12:07:33 1995
From: Charlie Watt <watt@sware.com>
To: jfh@rpp386.cactus.org (John F. Haugh II)
Date: Fri, 21 Apr 1995 08:49:32 -0400 (EDT)
Cc: bugtraq@fc.net
In-Reply-To: <9504210328.AA15769@rpp386.cactus.org> from "John F. Haugh II" at Apr 20, 95 10:28:40 pm
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
MIIBwDCCAWoCEQC43J7oZ50NWTRSVBShvvaXMA0GCSqGSIb3DQEBAgUAMFkxCzAJ
BgNVBAYTAlVTMRgwFgYDVQQKEw9TZWN1cmVXYXJlIEluYy4xFzAVBgNVBAsTDlNl
Y3VyZVdhcmUgUENBMRcwFQYDVQQLEw5FbmdpbmVlcmluZyBDQTAeFw05NDA0MDUx
NzA2NDJaFw05NTA0MDUxNzA2NDJaMHAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9T
ZWN1cmVXYXJlIEluYy4xFzAVBgNVBAsTDlNlY3VyZVdhcmUgUENBMRcwFQYDVQQL
Ew5FbmdpbmVlcmluZyBDQTEVMBMGA1UEAxMMQ2hhcmxlcyBXYXR0MFkwCgYEVQgB
AQICAgQDSwAwSAJBDNmUqe2+nqg6iuUWzxaXegxki426RzmVNO6VHHYCV4nbo/WL
X9a7Jn/2nWqZUK/l+RXqCHU/21Ur9jFIt4GNHhcCAwEAATANBgkqhkiG9w0BAQIF
AANBAEY6kP5jHqK9B9PhZCCJ9mckYuKMufWr7l61LulXGwUTqFzjFC0MOYwXo5s+
8lqrLQ7YpTzyE74pKR1cl5TAUU4=
Issuer-Certificate:
MIIBkDCCAToCEQCFP7oDPZq0SSDfetbu5nSkMA0GCSqGSIb3DQEBAgUAMEAxCzAJ
BgNVBAYTAlVTMRgwFgYDVQQKEw9TZWN1cmVXYXJlIEluYy4xFzAVBgNVBAsTDlNl
Y3VyZVdhcmUgUENBMB4XDTk0MDQwNTE3MDQyM1oXDTk1MDQwNTE3MDQyM1owWTEL
MAkGA1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMO
U2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMFkwCgYEVQgB
AQICAgADSwAwSAJBAL4Od/KxhOB6HyUbBJC2X6Ic2P0XEcGnddzJ1QEHjSFyx5qz
n098ScMWDEJSiwrsVmQFbNvN01hkke7ZE21aG5sCAwEAATANBgkqhkiG9w0BAQIF
AANBAIBzwWRF5SkoGAdcliVyog2caFtsPrq7lyBIp562B+ckFNderoDTc+JW+i4f
MhnY9Q9I2KrlZV4GqcpZ+GjAeNk=
MIC-Info: RSA-MD5,RSA,
A+NGxT8ahv/jKOs0lP+6i3d6Ca3uEYkVHkuVoKmxgH2pFTwe7hBur+HfN6OE8l3n
93IKqWV83/oAr2Cxxou7PfA=
X-Sensitivity-Label: 1,CMW+3.0/SCO_2.1/sware.com,UNCLASSIFIED
X-Information-Label: 1,CMW+3.0/SCO_2.1/sware.com,UNCLASSIFIED
>
> > > > SecureWare uses a mechanism similar to this and it is part of one of
> > > > their security offerings. I've used a slightly different, but similar,
> > > > approach for several years
> >
> > We do not. See below.
>
> I think the confusion lies in "similar". Otherwise, I stand by my
> remarks, source code samples from you not withstanding.
...
>
> Meaning that your password was created when crypt() returned
> "8F0Ovkj7jA9jE" then "jE.ofsJ4MaIt6". If the guy with the crypt() attack
> was serious, he should be able to generate a pair of keys which will
> produce your encrypted password.
Yes, but your original message was not specific as to the resulting
hash output. Both David Wagner and I understood you to mean that the
resulting hash was still only 8 bytes. This was the cause of the potential
security hole that he outlined that made an attack significantly easier than
searching a single 8 byte hash space. The resulting exchange of messages
strongly implied that SecureWare's products contained such a security hole.
I was merely stating that our product does not contain this specific
security hole (or any other of which I am aware :-)). Our implementation
is equivalent to serially searching N 8 byte password hash spaces where N
is the number of 8 byte blocks (not limited to two) in the password (except,
perhaps for the final block). Of course, it would be even better if they
had to crack a single 8*N byte password hash space, but as has been pointed
out several times to this list, this should best be done using a real hash
function.
Charlie Watt
SecureWare, Inc.
-----END PRIVACY-ENHANCED MESSAGE-----
