[Cryptography] SHA-256 decrypted (8 rounds)
Natanael
natanael.l at gmail.com
Tue Apr 2 18:00:39 EDT 2024
On Tue, 2 Apr 2024 at 23:15, McDair via cryptography <cryptography at metzdowd.com> wrote:
>
> Allow me to provide the broader context:
>
> > > In code, I found 'Encrypt' and 'Decrypt' clearer counterparts than
> > > 'Hash' and 'FindPreImage' or something like that. Especially for
> > > subroutines.
> > > Also 'Encryption' is a general term wrt cryptography/cryptology.
>
>
>
> The reasons why I used this terminology was mainly from a code development
> point of view, however enthusiastically conveyed outside of this scope.
>
> It is fair to say it might be confusing within the scope of a
> cryptographic hash function, although applicable in a broader sense.
>
>
> To clarify:
>
> As mentioned before, encryption in its most general meaning is about
> protecting secrets. In this context it is not function-type specific.
>
>
> Here is an example:
>
> Let's say you manage a web application's login credentials, and want to
> make sure your users' actual passwords will not be exposed in case your
> server/database gets compromised.
>
> You will be thinking of ways to *encrypt* this data, render it unreadable
> for an attacker. At this point it is function agnostic.
>
> It is perfectly fine to ultimately choose to use a cryptographic hash
> function to this end.
>
This type of thinking led to the Adobe password sudoku

https://www.csoonline.com/article/540070/network-security-adobe-confirms-stolen-passwords-were-encrypted-not-hashed.html
https://arstechnica.com/information-technology/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/

Using encryption is simply *not acceptable* for passwords due to frequent
password reuse in the real world, because encryption implies a key can
decrypt it and it can lead the authentication system designer down the
entirely wrong path.

Usually deterministic symmetric encryption is fine in many use cases (most
disk encryption like Bitlocker, and other stuff that doesn't involve
network protocols), but it's extremely unacceptable for passwords, and it's
made worse by using ECB mode with a short block cipher function and thus
making *fractions* of passwords recognizable when they are reused.

The infosec community learned this in the 90's; encryption for passwords
has been deprecated for multiple decades.

We use "cryptography" as the general term, we do *not* use "encryption" as
a general term.
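
Added example (not part of the original post): a sketch of the ECB behaviour described above next to salted password hashing, showing which stored values reveal password reuse. The toy 64-bit Feistel cipher, the key, the account names and passwords, and the PBKDF2 iteration count are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 8  # 64-bit block: the "short block cipher" case

def _f(key, i, half):
    # Round function of a toy Feistel cipher (illustration only, not a real cipher).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(key, i, right)))
    return left + right

def ecb_encrypt(key, password):
    """Deterministic ECB: every 8-byte chunk is encrypted independently."""
    data = password.encode()
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return [toy_encrypt_block(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK)]

def shared_blocks(ct_a, ct_b):
    """Block positions where two stored ciphertexts are byte-identical."""
    return [i for i, (x, y) in enumerate(zip(ct_a, ct_b)) if x == y]

def hash_password(password, salt=b""):
    """Salted, slow, keyless one-way storage (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    # Constructed sample accounts: alice and bob reuse a password, carol shares a prefix.
    users = {"alice": "correcthorse42", "bob": "correcthorse42", "carol": "correcthorse99!"}
    ct = {u: ecb_encrypt(key, p) for u, p in users.items()}
    print("alice/bob identical blocks:  ", shared_blocks(ct["alice"], ct["bob"]))
    print("alice/carol identical blocks:", shared_blocks(ct["alice"], ct["carol"]))
    hashes = {u: hash_password(p) for u, p in users.items()}
    print("alice/bob hashes equal:", hashes["alice"][1] == hashes["bob"][1])
```

With ECB the stored table itself shows which accounts share a password or a password prefix, without the key; with per-user salts the same reuse produces unrelated digests and there is no key to steal.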