Bugtraq mailing list archives

Re: @stake Security Advisory: NetZero Password Algorithm

From: djm () MINDROT ORG (Damien Miller)
Date: Fri, 21 Jul 2000 12:02:39 +1000


On Tue, 18 Jul 2000, Dan Kaminsky wrote:

Of course, the obvious question is how a system verify the correctness of a
password without actually posessing that password.  It's a question that's
rather repeatedly answered.  Password handling is simultaneously one of the
few Solved Problems of Cryptography *and* one of the most misunderstood.
Simply store a MD5 or SHA-1 one-way hash of the password.


Salted I hope, unless you like dictionary attacks.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm () mindrot org (home) -or- djm () ibs com au (work)

Current thread:

Re: [RHSA-2000:043-02] Updated package for nfs-utils available, (continued)
- - - Re: [RHSA-2000:043-02] Updated package for nfs-utils available Matt Wilson (Jul 18)
    - Update on TooRcon Computer Security Expo Ben (Jul 18)
    - "Best Practices for Secure Web Development" whitepaper Razvan Peteanu (Jul 18)
    - [Security Announce] MDKSA-2000:021 nfs-utils update Linux Mandrake Security Team (Jul 18)
    - Microsoft Security Bulletin (MS00-043) Microsoft Product Security (Jul 19)
    - Remotely Exploitable Buffer Overflow in Outlook "Malformed E-mail MIME Header" Vulnerability Ussr Labs (Jul 19)
    - Re: [RHSA-2000:043-02] Updated package for nfs-utils available Joe Laffey (Jul 18)
    - Re: [RHSA-2000:043-02] Updated package for nfs-utils available Kurt Seifried (Jul 18)
    - @stake Security Advisory: NetZero Password Algorithm Brian Carrier (Jul 18)
    - Re: @stake Security Advisory: NetZero Password Algorithm Dan Kaminsky (Jul 18)
    - Re: @stake Security Advisory: NetZero Password Algorithm Damien Miller (Jul 20)
    - Multiple bugs in Alibaba 2.0 Prizm (Jul 18)
    - Buffer Overflow in MS Outlook Email Clients Aaron Drew (Jul 19)
    - Re: Buffer Overflow in MS Outlook Email Clients bednar () RAK ISTERNET SK (Jul 18)
    - Re: Buffer Overflow in MS Outlook Email Clients chris.paget () ANALYSYS COM (Jul 19)
    - Re: Buffer Overflow in MS Outlook Email Clients Elias Levy (Jul 21)
  - [Fwd: linux-ftpd 0.16 is also vulnerable] Paulo Ribeiro (Jul 17)
- "Absent Directory Browser Argument" DoS Peter Grundl (Jul 15)
- Lots and lots of fun with rpc.statd Daniel Jacobowitz (Jul 16)