Re[2]: [db-wg] crypted password
From: Alexander Yemelyanov ripe-db-wg@localhost
Date: Tue, 25 Jul 2006 11:54:21 +0300
Reply-to: Alexander Yemelyanov db-wg@localhost
Dear db-wg@localhost,
[24.07.2006 19:37] Marco d'Itri wrote:
MdI> On Jul 24, Max Tulyev president@localhost wrote:
>> It is good idea even to hide PGP key data (open key) because why we need
>> to provide extra data to evil persons?
MdI> http://en.wikipedia.org/wiki/Kerckhoffs%27_principle
As I understand, Max is probably concerned that open MD5 hashes provide an
easy way to conduct offline attacks - brute force or more effective (esp. with
recent reports of MD5 not being as strong as supposed).
As far as brute force is concerned, offline attacks are most dangerous, because
the speed is limited only by the attacker's available processing power, whereas
an authentication server could impose delays, detect and block abnormal volume
of requests, etc.
This seems to be the same consideration as the one behind shadowing /etc/passwd.
e.g. in FreeBSD:
-rw------- 1 root wheel /etc/master.passwd <-- Contains MD5 hashes
-rw-r--r-- 1 root wheel /etc/passwd
Best Regards,
Alexander Yemelyanov,
Comintern I.S.P.
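
The shadowing consideration from the message above, as an added example (not part of the original post and not FreeBSD or RIPE code): a Python check that the hash-bearing file is unreadable to non-owners and that the world-readable file carries only placeholders in its password field. The function names, the placeholder set and the sample entries are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: values that mean "the real hash lives elsewhere" in field 2.
PLACEHOLDERS = {"*", "x"}

def audit_shadowing(passwd_path, shadow_path):
    """Return a list of findings; an empty list means hashes are shadowed."""
    findings = []
    # 1. The file holding hashes must not be readable by group or others.
    mode = stat.S_IMODE(os.stat(shadow_path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"{shadow_path}: mode {mode:04o} lets non-owners read hashes")
    # 2. The world-readable file must carry only a placeholder in field 2.
    with open(passwd_path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.rstrip("\n")
            if not line or line.startswith("#"):
                continue
            fields = line.split(":")
            if len(fields) < 2:
                findings.append(f"{passwd_path}:{lineno}: malformed entry")
            elif fields[1] not in PLACEHOLDERS:
                findings.append(f"{passwd_path}:{lineno}: user {fields[0]!r} "
                                "has password data in the public file")
    return findings

def demo():
    """Audit constructed sample files before and after shadowing them."""
    fake = "$1$CONSTRUCTED$notarealhashvalue000000"  # constructed, not a real hash
    with tempfile.TemporaryDirectory() as d:
        passwd = os.path.join(d, "passwd")
        master = os.path.join(d, "master.passwd")
        with open(passwd, "w", encoding="utf-8") as fh:
            fh.write(f"root:*:0:0:Charlie:/root:/bin/sh\nalice:{fake}:1001:1001::/home/alice:/bin/sh\n")
        with open(master, "w", encoding="utf-8") as fh:
            fh.write(f"root:{fake}:0:0::0:0:Charlie:/root:/bin/sh\n")
        os.chmod(master, 0o644)          # weak: hashes readable by everyone
        before = audit_shadowing(passwd, master)
        os.chmod(master, 0o600)          # matches the -rw------- listing above
        with open(passwd, "w", encoding="utf-8") as fh:
            fh.write("root:*:0:0:Charlie:/root:/bin/sh\nalice:*:1001:1001::/home/alice:/bin/sh\n")
        return before, audit_shadowing(passwd, master)

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```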