Firewall Wizards mailing list archives

RE: strong passwords (was Radius/MS ISA stuff)

From: Paul Robertson <proberts () patriot net>
Date: Mon, 8 Jul 2002 11:40:14 -0400 (EDT)

On Mon, 8 Jul 2002, Ben Nagy wrote:

I think that finding any MD5 collision is not a useful work comparison
to guessing a specific password. Also, we already know that the
collision thing (birthday attack) is the area of MD5 operation that
crypto geeks are most worried about.


I'm sorry- I don't get this- if you find either a collison or the 
password, don't you have the appropriate data to be able to authenticate 
since either will produce the same hash?

[...]

Until then, I'd appreciate any other insights people have.


Let's look at it upside down (I should have approached it this way from
the start).

For a completely random hex password it's a pure 4 bits of entropy per
byte.[1]

Completely random typeables comes out at 6.55 something bits for my 94
character keyboard. 

Let's say that order 2^64 is still "safe" for work attacks (that's an
arbitrary figure I Just Made Up. I get to do that because it's my
email.).


Ha!  2^64 is the "strength" of MD5 given collisions, methinkis the number 
is more significant than "just made up!"  SHA1 is good for 2^128, I've 
always wondered why all the crypto geeks didn't go to SHA1 for password 
hashes.

practice. (Although I do routinely use md5sums of random things for VPN
shared secrets).


The key (NPI) is that for things where the hash vaule is likely to be sent 
in the clear or snarfed from a filesystem (.htaccess, /etc/password...) 
it's questionable if we get much protection from the hash (if any.)

because of mathy exponential goodness. There you go - now you can write


No point here, I just like having "mathy exponential goodness" in my 
message too ;)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Radius access from provider to internal MS ISA Server Christoph Steigmeier (Jul 04)
- Re: Radius access from provider to internal MS ISA Server Paul Robertson (Jul 04)
  - RE: Radius access from provider to internal MS ISA Server Ben Nagy (Jul 05)
    - RE: Radius access from provider to internal MS ISA Server Paul Robertson (Jul 05)
    - Re: Radius access from provider to internal MS ISA Server Kyle R. Hofmann (Jul 05)
    - Re: Radius access from provider to internal MS ISA Server Paul Robertson (Jul 05)
    - RE: Radius access from provider to internal MS ISA Server Ben Nagy (Jul 07)
    - RE: Radius access from provider to internal MS ISA Server Paul Robertson (Jul 07)
    - RE: strong passwords (was Radius/MS ISA stuff) Ben Nagy (Jul 08)
    - RE: strong passwords (was Radius/MS ISA stuff) Paul Robertson (Jul 08)
    - Re: strong passwords (was Radius/MS ISA stuff) Barney Wolff (Jul 08)
    - RE: strong passwords (was Radius/MS ISA stuff) Bill Royds (Jul 08)
    - RE: Radius access from provider to internal MS ISA Server R. DuFresne (Jul 06)
    - RE: Radius access from provider to internal MS ISA Server Bill Royds (Jul 06)
    - RE: Radius access from provider to internal MS ISA Server Ben Nagy (Jul 07)