Bugtraq mailing list archives
Re: passwd hashing algorithm
From: dawagner () phoenix Princeton EDU (David A. Wagner)
Date: Mon, 17 Apr 1995 17:35:19 -0400 (EDT)
Just one trivial elaboration on an informative message from Steve Bellovin:
There's only one facet of triple DES that's at all useful here: it provides an easy way to accept longer passwords. But as I've noted, there are other ways to do that. (Double DES is most likely quite sufficient if you want to pursue that route, though; few people are going to use passwords longer than 16 characters, and the attacks on double DES described in the cryptographic literature require O(2^55) storage, if I recall correctly -- I may be off by a factor or so of 2.)
If anyone actually plans to use double DES (or triple DES) for hashing passwords (which I don't recommend), be aware that there's a huge difference between: 1. 25 iterations of DES with the first 8 bytes of the password as key, followed by 25 iterations of DES with the second 8 bytes of password as key. 2. repeat 25 times: an iteration of DES with the first 8 bytes of the password as key, followed by an iteration of DES with the second 8 bytes of password as key. (1) can be broken on a workstation with ~ 2^32 steps (and very little in the way of memory); (2) is probably very strong. The same comment goes for triple DES. The moral of the story? If you wanna hash a long string, use a hash function (i.e. MD5), not a block cipher; or else be very careful. :-) ------------------------------------------------------------------------------- David Wagner dawagner () princeton edu
Current thread:
- Re: passwd hashing algorithm, (continued)
- Re: passwd hashing algorithm Jon Peatfield (Apr 15)
- Re: passwd hashing algorithm Timothy Newsham (Apr 17)
- Re: passwd hashing algorithm Louis Taber (Apr 13)
- Re: passwd hashing algorithm maquis (Apr 14)
- Re: passwd hashing algorithm John F. Haugh II (Apr 16)
- Re: passwd hashing algorithm Charles Howes (Apr 14)
- Re: passwd hashing algorithm maquis (Apr 14)
- Re: passwd hashing algorithm der Mouse (Apr 14)
- Re: passwd hashing algorithm smb () research att com (Apr 14)
- Re: passwd hashing algorithm Dennis Glatting (Apr 15)
- Re: passwd hashing algorithm smb () research att com (Apr 16)
- Re: passwd hashing algorithm David A. Wagner (Apr 17)
- Re: passwd hashing algorithm John F. Haugh II (Apr 18)
- Re: passwd hashing algorithm David A. Wagner (Apr 18)
- Re: passwd hashing algorithm Charlie Watt (Apr 19)
- Re: passwd hashing algorithm Tom Fitzgerald (Apr 19)
- Re: passwd hashing algorithm Charlie Watt (Apr 20)
- The Dan Farmer rap Julian Assange (Apr 17)
- Re: The Dan Farmer rap Jonathan M. Bresler (Apr 20)
- Re: The Dan Farmer rap John Evans (Apr 20)
- Re: The Dan Farmer rap James O Ausman (Apr 21)
- Re: passwd hashing algorithm David A. Wagner (Apr 17)
- Re: The Dan Farmer rap Aleph One (Apr 20)
- Re: passwd hashing algorithm Jon Peatfield (Apr 15)