Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
From: Jim Knoble <jmknoble@xxxxxxxxx>
Date: Wed, 20 Apr 2005 22:58:34 -0400
In-reply-to: <20050420212323.GT58835@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: bugtraq@xxxxxxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050420165055.GQ29028@xxxxxxxxxxxxxx> <4659.1114030998@xxxxxxxxxxxxx> <20050420212323.GT58835@xxxxxxxxxxx>
User-agent: Mutt/1.4.1i

Circa 2005-04-20 dixit Jim C. Nasby:

: Actually, it's not as silly as you think. You can download rainbow
: tables for Windows/LanMan passwords up to 14 or 15 characters in length.
: Given the password hash and some code, you can determine the user's
: password in a matter of minutes.

I thought the idea of the salt was to aid in expanding the keyspace.
Even though the salt is known (in traditional Unix
passwd/shadow/master.passwd databases, it's stored at the beginning of
the password field), appending the salt to the password expands the
keyspace to length(password) + length(salt).  With a (barely) reasonable
8-byte password and an 8-byte salt, that gives you a 128-bit key (if you
use password+salt as the key).  Remember that the keyspace for a 16-byte
password is (theoretically) 256 times as large as the keyspace for a
15-byte password.  If you require 10- or 12-byte passwords and add 12
bytes of salt, you approach 192-bit keys and get a keyspace between
10^14 and 10^21 times as large as 15-byte passwords (assuming your
password hash algorithm can handle 192-bit keys).  Even a 160-bit key
(20 bytes = 10-byte password + 10-byte salt) has a formidable keyspace,
for now, assuming high-quality keys: 10^48 keys * 20 bytes is a lot of
storage space.

: Simply put, MD5 is no longer strong enough for protecting secrets. It's
: just too easy to brute-force. SHA1 is ok for now, but it's days are
: numbered as well. I think it would be good to alter SHA1 (or something
: stronger) as an alternative to MD5[...].

"Something stronger" being bcrypt-2a, based on Blowfish.  Solar
Designer's public domain implementation is here:

    http://www.openwall.com/crypt/

-- 
jim knoble  |  jmknoble@xxxxxxxxx  |  http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 809F:09B9:9686:D035:4AB0::9455:124B:0A62:DD6A:76D6)
 .....................................................................
 :"The methods now being used to merchandise the political candidate :
 : as though he were a deodorant positively guarantee the electorate :
 : against ever hearing the truth about anything."   --Aldous Huxley :
 :...................................................................:

Follow-Ups:
- RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
  - From: Mike Fratto

References:
- Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
  - From: Stephen Frost
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
  - From: Tom Lane
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
  - From: Jim C. Nasby

Prev by Date: Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Next by Date: MDKSA-2005:073 - Updated cvs packages fix vulnerability
Previous by thread: Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted
Next by thread: RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Index(es):
- Date
- Thread