Bugtraq mailing list archives
Re: passwd hashing algorithm
From: fitz () wang com (Tom Fitzgerald)
Date: Wed, 19 Apr 95 23:24:06 EDT
SecureWare has modified the behavior of password hashing not to increase the strength of the underlying crypt(), but to increase the size of the possible password space and the resulting hash value. The algorithm breaks a password into crypt- sized blocks, running crypt() across each block. The salt for each block is derived from the ciphertext of the previous block to provide linkage between the individual blocks. The resulting hash is the concatenation of the various ciphertext blocks, prefixed with the initial salt.
This sounds like it could have a real weakness. Passwords that are longer than 8 characters tend to be only a little longer - most of them will be 9-12 characters. Few passwords will be 16 characters. With this algorithm it's easy to crack the last block, using the salt derived from the 2nd-to-last ciphertext by trying all 1-4 character strings. Given the last block of cleartext you can make some good guesses about the earlier blocks (If the last block is cracked and turns out to be 'h', you can try 'elizabeth', if it's 'ia' you can try 'california' etc.). My guess is a 9-12 character password would be weaker than an 8-character password under this scheme unless you were careful to keep the first 8 characters totally independent of the rest, putting a semantic boundary in the password. How about a variation where each block of cleartext was xor'ed with all of the previous blocks of cleartext before crypting?
watt:u_name=watt:u_id#124:\ :u_pwd=8F0Ovkj7jA9jE.ofsJ4MaIt6:\
Hmmm. Where'd I leave my copy of Crack.... -- Tom Fitzgerald 1-508-967-5278 Wang Labs, Lowell MA, USA fitz () wang com
Current thread:
- Re: passwd hashing algorithm, (continued)
- Re: passwd hashing algorithm John F. Haugh II (Apr 16)
- Re: passwd hashing algorithm Charles Howes (Apr 14)
- Re: passwd hashing algorithm der Mouse (Apr 14)
- Re: passwd hashing algorithm smb () research att com (Apr 14)
- Re: passwd hashing algorithm Dennis Glatting (Apr 15)
- Re: passwd hashing algorithm smb () research att com (Apr 16)
- Re: passwd hashing algorithm David A. Wagner (Apr 17)
- Re: passwd hashing algorithm John F. Haugh II (Apr 18)
- Re: passwd hashing algorithm David A. Wagner (Apr 18)
- Re: passwd hashing algorithm Charlie Watt (Apr 19)
- Re: passwd hashing algorithm Tom Fitzgerald (Apr 19)
- Re: passwd hashing algorithm Charlie Watt (Apr 20)
- The Dan Farmer rap Julian Assange (Apr 17)
- Re: The Dan Farmer rap Jonathan M. Bresler (Apr 20)
- Re: The Dan Farmer rap John Evans (Apr 20)
- Re: The Dan Farmer rap James O Ausman (Apr 21)
- Re: passwd hashing algorithm David A. Wagner (Apr 17)
- Re: The Dan Farmer rap Aleph One (Apr 20)
- Re: The pitiful rap Everett F Batey WA6CRE (Apr 21)
- Re: passwd hashing algorithm Dave Sill (Apr 20)
- Re: passwd hashing algorithm Charlie Watt (Apr 20)
- Not really full disclosure bmanning () isi edu (Apr 22)