Bugtraq mailing list archives
Re: passwd hashing algorithm
From: jfh () rpp386 cactus org (John F. Haugh II)
Date: Sun, 23 Apr 95 8:18:41 CDT
Your second statement (...but its probably [ GodAwfulMany to 1 ] ...) seems to be based on nothing but pessimism.
Not really. The birthday attack works because you aren't picking a single common "birthday" in advance. You are looking at the entire population of key,cleartext pairs. If you pick a new second random starting point for this attack, the probability of a match is still just as good as with the original second random key. Since there are 2^56 random starting points and each of those trials will generate (one hopes ...) 2^32 unique keys in the hash table, we can repeat this expirement 2^24 times, with each of those 2^24 times having the same high probability of success. -- John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh () rpp386 cactus org
Current thread:
- no virus, only a rumor, (continued)
- no virus, only a rumor Albert Lunde (Apr 22)
- Re: no virus, only a rumor [good times, xxx-1] Matthew Hannigan (Apr 23)
- Good Times Paul Robinson (Apr 24)
- Re: virus Joshua Hosseinoff (Apr 23)
- Re: virus eli (Apr 23)
- The list Jon Green (Apr 23)
- Re: passwd hashing algorithm John F. Haugh II (Apr 20)
- Re: passwd hashing algorithm Charlie Watt (Apr 21)
- Re: passwd hashing algorithm John F. Haugh II (Apr 21)
- Re: passwd hashing algorithm Timothy Newsham (Apr 21)
- Re: passwd hashing algorithm John F. Haugh II (Apr 23)
- RE: virus Erich W. Gunther (Apr 23)
- Re: passwd hashing algorithm David Miller (Apr 19)
- Re: passwd hashing algorithm David A. Wagner (Apr 19)
- Re: passwd hashing algorithm John F. Haugh II (Apr 21)
- AntiFlash talkd Richard Allen (Apr 19)
- Re: AntiFlash talkd James M. Golovich (Apr 19)
- Password Storage as Environment Variable Bill Bradley (Apr 19)