Bugtraq mailing list archives
Re: Insecure handling of NetSol maintainer passwords
From: tschroed () ACM ORG (Trevor Schroeder)
Date: Wed, 10 Nov 1999 18:22:26 -0600
On Tue, 9 Nov 1999, Jefferson Ogata wrote:
> generate with their New Contact Form web system runs the password you
> enter through crypt(), but the first two characters of the encrypted
> value (the salt) are the same as the first two characters of the
> password, indicating they use the password as its own salt. This
> dramatically limits the usefulness of encrypting the password in the
> first place, since you've already given away the first two characters,
> and probably hamstrung the whole algorithm at the same time. (More
> advanced crypto people than I can comment on this.) In any case,

Your damn tooty this isn't the way to do this!! If anyone gets ahold of your crypted password, they've got the first two chars of the password, making the guess significantly easier.

crypt() basically DES encrypts 0 with your password as the key. That's why it's 8 chars. 8 ASCII chars = 7 bits/char * 8 chars = 56 bits. 2^56 = 72057594037927936 possible keys. Of course, 7 bits => 128 chars, but we must subtract the 32 control chars, which leaves us with 96 textual characters (including spaces). Now our keyspace is 96^8 = 7213895789838336, roughly 1/10th of the previous keyspace, but not unreasonable for non-critical applications (i.e., nothing to trust your credit card to, but a non-trivial key nonetheless).

However, if we can get the first two characters of your password, assuming that the rest is randomly distributed (i.e., no dictionary-based passwords), that leaves us with 6 unknown chars. Our unknown keyspace is now 96^6 = 782757789696, just over 1/10000th the previous and 1/100000th the space of a full 56-bit key. This leaves us with roughly 40 bits (log2(782757789696) = 39.5) of entropy--again, assuming random characters. 40-bit keys can be broken pretty quickly.

..........................................................................
: "I knew it was going to cost me my head and also my swivel chair, but :
: I thought: What the hell--better men than I have risked their heads   :
: and their swivel chairs for truth and justice." -- James P. Cannon    :
:........... http://www.zweknu.org/ for PGP key and more ................:
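The keyspace arithmetic in the reply above, and a check for the salt-equals-password-prefix weakness it discusses, as an added example that is not part of the original post or of any Network Solutions code. It assumes the traditional DES crypt() output layout (the first two characters are the salt), and the sample password/hash pairs are constructed placeholders, not real crypt() output.

```python
"""Keyspace/entropy arithmetic for a crypt()-style 8-character password,
plus an audit helper for the "password used as its own salt" weakness.
Added example; the sample entries below are constructed, not real hashes."""
import math
import secrets
import string

ASCII_7BIT = 128   # 7 bits per character, as the post counts them
PRINTABLE = 96     # 128 codes minus 32 control characters (includes space)
CRYPT_LEN = 8      # traditional DES crypt() uses at most 8 password chars

# Alphabet traditional crypt() accepts for its 2-character salt: [a-zA-Z0-9./]
SALT_ALPHABET = string.ascii_letters + string.digits + "./"


def keyspace(alphabet_size: int, unknown_chars: int) -> int:
    """Number of candidate passwords when each of unknown_chars positions
    draws uniformly from alphabet_size symbols."""
    return alphabet_size ** unknown_chars


def entropy_bits(alphabet_size: int, unknown_chars: int) -> float:
    """log2 of the keyspace: the effective key length in bits."""
    return math.log2(keyspace(alphabet_size, unknown_chars))


def entropy_after_prefix_leak(leaked_prefix_len: int,
                              password_len: int = CRYPT_LEN,
                              alphabet_size: int = PRINTABLE) -> float:
    """Entropy left once the first leaked_prefix_len characters are known
    (assumes the remaining characters are random, as the post does)."""
    unknown = max(password_len - leaked_prefix_len, 0)
    return entropy_bits(alphabet_size, unknown)


def salt_leaks_prefix(password: str, crypt_output: str) -> bool:
    """True when the 2-character salt at the front of a DES crypt() string
    equals the first two characters of the password, i.e. the password was
    used as its own salt and those two characters are exposed."""
    return len(crypt_output) >= 2 and crypt_output[:2] == password[:2]


def audit(entries: list[tuple[str, str]]) -> list[str]:
    """Return the passwords (by index label) whose stored hash leaks the
    password prefix through its salt."""
    return [f"entry {i}" for i, (pw, h) in enumerate(entries)
            if salt_leaks_prefix(pw, h)]


def random_salt() -> str:
    """How the salt should be chosen instead: 2 random characters from the
    crypt() salt alphabet, drawn with a CSPRNG."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(2))


if __name__ == "__main__":
    print(f"full 56-bit keyspace:     {keyspace(ASCII_7BIT, CRYPT_LEN)}")
    print(f"96 printable chars, 8:    {keyspace(PRINTABLE, CRYPT_LEN)}")
    print(f"after 2-char leak:        {keyspace(PRINTABLE, CRYPT_LEN - 2)}"
          f" (~{entropy_after_prefix_leak(2):.1f} bits)")
    # Constructed sample entries: the hash values are placeholders, not
    # real crypt() output. Entry 0 reuses the password prefix as its salt.
    sample = [("secretpw", "seXXXXXXXXXXX"),
              ("secretpw", "q7XXXXXXXXXXX")]
    print("leaking entries:", audit(sample))
    print("example random salt:", random_salt())
```

Run stand-alone it prints the three keyspace figures from the post and flags the constructed entry whose salt matches the password prefix. `entropy_after_prefix_leak` generalises the post's two-character case to any leaked prefix length, so the same function shows why a leaked salt costs about 6.6 bits per exposed character when the alphabet is 96 symbols.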