Re: passwd hashing algorithm

[watt () sware com (Charlie Watt)]

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 MIIBwDCCAWoCEQC43J7oZ50NWTRSVBShvvaXMA0GCSqGSIb3DQEBAgUAMFkxCzAJ
 BgNVBAYTAlVTMRgwFgYDVQQKEw9TZWN1cmVXYXJlIEluYy4xFzAVBgNVBAsTDlNl
 Y3VyZVdhcmUgUENBMRcwFQYDVQQLEw5FbmdpbmVlcmluZyBDQTAeFw05NDA0MDUx
 NzA2NDJaFw05NTA0MDUxNzA2NDJaMHAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9T
 ZWN1cmVXYXJlIEluYy4xFzAVBgNVBAsTDlNlY3VyZVdhcmUgUENBMRcwFQYDVQQL
 Ew5FbmdpbmVlcmluZyBDQTEVMBMGA1UEAxMMQ2hhcmxlcyBXYXR0MFkwCgYEVQgB
 AQICAgQDSwAwSAJBDNmUqe2+nqg6iuUWzxaXegxki426RzmVNO6VHHYCV4nbo/WL
 X9a7Jn/2nWqZUK/l+RXqCHU/21Ur9jFIt4GNHhcCAwEAATANBgkqhkiG9w0BAQIF
 AANBAEY6kP5jHqK9B9PhZCCJ9mckYuKMufWr7l61LulXGwUTqFzjFC0MOYwXo5s+
 8lqrLQ7YpTzyE74pKR1cl5TAUU4=
Issuer-Certificate:
 MIIBkDCCAToCEQCFP7oDPZq0SSDfetbu5nSkMA0GCSqGSIb3DQEBAgUAMEAxCzAJ
 BgNVBAYTAlVTMRgwFgYDVQQKEw9TZWN1cmVXYXJlIEluYy4xFzAVBgNVBAsTDlNl
 Y3VyZVdhcmUgUENBMB4XDTk0MDQwNTE3MDQyM1oXDTk1MDQwNTE3MDQyM1owWTEL
 MAkGA1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMO
 U2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMFkwCgYEVQgB
 AQICAgADSwAwSAJBAL4Od/KxhOB6HyUbBJC2X6Ic2P0XEcGnddzJ1QEHjSFyx5qz
 n098ScMWDEJSiwrsVmQFbNvN01hkke7ZE21aG5sCAwEAATANBgkqhkiG9w0BAQIF
 AANBAIBzwWRF5SkoGAdcliVyog2caFtsPrq7lyBIp562B+ckFNderoDTc+JW+i4f
 MhnY9Q9I2KrlZV4GqcpZ+GjAeNk=
MIC-Info: RSA-MD5,RSA,
 A+NGxT8ahv/jKOs0lP+6i3d6Ca3uEYkVHkuVoKmxgH2pFTwe7hBur+HfN6OE8l3n
 93IKqWV83/oAr2Cxxou7PfA=

X-Sensitivity-Label: 1,CMW+3.0/SCO_2.1/sware.com,UNCLASSIFIED
X-Information-Label: 1,CMW+3.0/SCO_2.1/sware.com,UNCLASSIFIED

> > > > SecureWare uses a mechanism similar to this and it is part of one of
> > > > their security offerings.  I've used a slightly different, but similar,
> > > > approach for several years
> >
> > We do not.  See below.
>  
> I think the confusion lies in "similar".  Otherwise, I stand by my
> remarks, source code samples from you not withstanding.

...

> Meaning that your password was created when crypt() returned
> "8F0Ovkj7jA9jE" then "jE.ofsJ4MaIt6".  If the guy with the crypt() attack
> was serious, he should be able to generate a pair of keys which will
> produce your encrypted password.

Yes, but your original message was not specific as to the resulting
hash output.  Both David Wagner and I understood you to mean that the 
resulting hash was still only 8 bytes.  This was the cause of the potential 
security hole that he outlined that made an attack significantly easier than 
searching a single 8 byte hash space.  The resulting exchange of messages 
strongly implied that SecureWare's products contained such a security hole.  
I was merely stating that our product does not contain this specific 
security hole (or any other of which I am aware :-)).  Our implementation 
is equivalent to serially searching N 8 byte password hash spaces where N 
is the number of 8 byte blocks (not limited to two) in the password (except, 
perhaps for the final block).  Of course, it would be even better if they 
had to crack a single 8*N byte password hash space, but as has been pointed
out several times to this list, this should best be done using a real hash
function.

Charlie Watt
SecureWare, Inc.

-----END PRIVACY-ENHANCED MESSAGE-----