Private Key Generation from Passwords/phrases
Abe Singer
abe at sdsc.edu
Sun Jan 28 14:42:59 EST 2007
On Sun, Jan 28, 2007 at 11:52:16AM -0500, Steven M. Bellovin wrote:
> >
> Is that all in one /etc/passwd file (or the NIS equivalent)? Or is it a
> Kerberos KDC? I note that a salt buys the defense much less in a

For SDSC, one file. For UCSD, not sure, but I suspect it's (now) a KDC.
(Brian, are you on this list?)

> Kerberos environment, where capture of the KDC database lets an
> attacker roam freely, and the salt simply protects other sites where
> users may have used the same password.

Agreed.

> Beyond that, 60K doesn't make that much of a difference even with a
> traditional /etc/passwd file -- it's only an average factor of 15
> reduction in the attacker's workload. While that's not trivial, it's
> also less than, say, a one-character increase in average password
> length. That said, the NetBSD HMAC-SHA1 password hash, where I had
> some input into the design, uses a 32-bit salt, because it's free.

I don't disagree with you. I was just addressing your implication
(or at least, what I *read* as an implication ;-) that > 4096 users
was rare.

FWIW, the glibc MD5 crypt function uses a 48-bit hash.

Also FWIW, salt lengths significantly affect the work factor and storage
requirements for precomputed hashes from dictionaries.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
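
The salt arithmetic discussed in this thread, worked through as an added example that is not part of either poster's message. It assumes each account's salt is drawn uniformly at random; the dictionary size and bytes-per-entry figures are constructed values chosen only for illustration.

```python
import math

def distinct_salts(users: int, salt_bits: int) -> float:
    """Expected number of distinct salts in a password file where each of
    `users` accounts draws its salt uniformly from 2**salt_bits values."""
    space = 2 ** salt_bits
    # space * (1 - (1 - 1/space)**users), written with log1p/expm1 so it
    # stays accurate when the salt space is far larger than the user count.
    return -space * math.expm1(users * math.log1p(-1.0 / space))

def sharing_factor(users: int, salt_bits: int) -> float:
    """Average number of accounts tested by one hash computation when a
    guess is tried against the whole file (users / distinct salts).
    1.0 means the salt removes all sharing between accounts."""
    return users / distinct_salts(users, salt_bits)

def table_bytes(dictionary_words: int, salt_bits: int, bytes_per_entry: int) -> int:
    """Storage for a fully precomputed dictionary: one stored hash per
    (word, salt) pair."""
    return dictionary_words * 2 ** salt_bits * bytes_per_entry

if __name__ == "__main__":
    USERS = 60_000        # user count from the thread
    WORDS = 1_000_000     # constructed dictionary size
    ENTRY = 16            # constructed bytes stored per precomputed hash
    for bits in (12, 32, 48):   # 12 bits = 4096 salts; 32 and 48 from the thread
        print(f"{bits:2d}-bit salt: "
              f"sharing factor {sharing_factor(USERS, bits):10.6f}, "
              f"precomputed table {table_bytes(WORDS, bits, ENTRY):.3e} bytes")
```

With 60,000 users and 4096 possible salts the sharing factor comes out near 14.65, matching the "average factor of 15" quoted above; at 32 bits it is effectively 1, while the precomputed table grows by a factor of 2^20.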