[1578] in bugtraq
Re: passwd hashing algorithm
daemon@ATHENA.MIT.EDU (Timothy Newsham)
Sat Apr 22 04:12:54 1995
From: newsham@aloha.net (Timothy Newsham)
To: jfh@rpp386.cactus.org (John F. Haugh II)
Date: Fri, 21 Apr 1995 20:16:11 -1000 (HST)
Cc: watt@sware.com, bugtraq@fc.net
In-Reply-To: <9504211700.AA23049@rpp386.cactus.org> from "John F. Haugh II" at Apr 21, 95 12:00:02 pm
> My replies have always been in the context of what Shadow does for long
> passwords. Yes, there has been some confusion in this thread. I was, uh,
> quite shocked to see what David Wagner was really talking about because
> it is pretty obvious that it has security problems. Essentially, it
> removes the 1:1 cleartext to ciphertext relationship that some of us feel
> crypt() has. I don't know what the new relationship is, but its probably
> GodAwfulLarge to 1. Once you assume that there are GodAwfulMany passwords
> which yield the same result, the 2^56 brute force attack is much easier.
The posted data just shows that two strings with differing salts
can hash to the same value (without the salt). This doesn't buy
you anything since the salt is used in the compare when doing
authentication. The post did not show that two passwords can
hash to the same value while using the same salt (and it doesn't
show that it can't either).
Your second statement (...but its probably ...) seems to be based
on nothing but pessimism.
> John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
> Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh@rpp386.cactus.org
Tim N.
