From: kilgallen@eisner.decus.org (Larry Kilgallen)
Subject: Re: Saving and Encoding Passwords
Date: 1999/11/28
Message-ID: <1999Nov28.142206.1@eisner>
References: <38315e1a.0@silver.truman.edu> <87u2m8exf8.fsf@deneb.cygnus.argh.org> <1999Nov27.093947.1@eisner> <87hfi6q4k4.fsf@deneb.cygnus.argh.org>
Organization: LJK Software
Reply-To: Kilgallen@eisner.decus.org.nospam
Newsgroups: comp.lang.ada

In article <87hfi6q4k4.fsf@deneb.cygnus.argh.org>, " "@deneb.cygnus.argh.org (Florian Weimer) writes:
> kilgallen@eisner.decus.org (Larry Kilgallen) writes:
>
>> In article <87u2m8exf8.fsf@deneb.cygnus.argh.org>, Florian Weimer writes:
>>
>> > It is considered close to impossible to recover the password from
>> > the hash value if the cryptographic hash function is one of the most
>> > commonly used and thoroughly analyzed (i.e. MD5 or SHA-1).
>>
>> But that consideration is only of interest to mathematicians.
>
> Eh, maybe. ;)
>
>> Security folk realize that passwords freely chosen by humans
>> are highly susceptible to brute force guessing attacks. The
>> common defenses are:
>>
>> Include a secret per-user pseudo-random seed number
>> in the hash, to prevent pre-computation of hashes for
>> a particular username.
>
> There's no such thing as a `secret per-user pseudo-random seed number'.
> The application needs to know it in order to verify the password,
> which means it can't be that secret. Of course, a password salt will
> tremendously increase the size of a precomputed dictionary without much
> effort on the application programmer's side.

Keeping secrets is just one reason why we have operating systems.
Any operating system smart enough to keep the hash result secret
can keep the seed secret. If you don't like "operating system", try
"protected subsystem" where the trusted code (and for a mail system,
this _is_ part of the TCB) has the only access to the seed.

Larry Kilgallen
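The two positions in the exchange above can be tried out side by side. The following is an added example, not code from the thread or from either poster: a toy password store in which a per-user random value is stored next to the digest (the "salt" in Weimer's sense, readable by whoever copies the database) and, separately, a seed that only the verifier object holds (Kilgallen's "protected subsystem"; today this is usually called a pepper). The user names, the guess list, the KDF choice (PBKDF2-HMAC-SHA256 with a deliberately small iteration count) and the class and function names are all constructed for this demonstration. Three attacks are run against a leaked copy of the records: a precomputed table against unsalted hashes, per-user guessing against salted hashes, and the same guessing when the seed is unknown.

```python
import hashlib
import hmac
import os

# Constructed demo inputs: a short guess list and a small iteration count so
# the example runs in well under a second. A real deployment would use a
# large, slow KDF work factor.
GUESS_LIST = ["password", "letmein", "hunter2", "qwerty", "correct horse"]
ITERATIONS = 2_000


def unsalted_digest(password: str) -> bytes:
    """Naive scheme: hash(password) only, so equal passwords collide across users."""
    return hashlib.sha256(password.encode()).digest()


def seeded_digest(password: str, salt: bytes, seed: bytes,
                  iterations: int = ITERATIONS) -> bytes:
    """Per-user salt plus a verifier-held seed, both folded into the KDF salt.
    seed == b"" reduces this to plain salted hashing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + seed, iterations)


class ProtectedVerifier:
    """Stand-in for the 'protected subsystem' (hypothetical name): the only
    holder of the seed. The records it hands out carry salt and digest, never
    the seed, which models a database dump that does not include the TCB's secret."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._records: dict[str, tuple[bytes, bytes]] = {}

    def enroll(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[user] = (salt, seeded_digest(password, salt, self._seed))

    def verify(self, user: str, password: str) -> bool:
        rec = self._records.get(user)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, seeded_digest(password, salt, self._seed))

    def leaked_records(self) -> dict[str, tuple[bytes, bytes]]:
        """What an attacker who copies the user database obtains."""
        return dict(self._records)


# --- attacker side -----------------------------------------------------------

def precomputed_table(words) -> dict[bytes, str]:
    """Built once, reusable against every unsalted database ever leaked."""
    return {unsalted_digest(w): w for w in words}


def crack_unsalted(leaked: dict[str, bytes], table: dict[bytes, str]) -> dict[str, str]:
    """One table lookup per user, no hashing at attack time."""
    return {u: table[d] for u, d in leaked.items() if d in table}


def crack_seeded(leaked: dict[str, tuple[bytes, bytes]], words,
                 seed_guess: bytes) -> dict[str, str]:
    """The salt forces up to len(words) KDF calls per user instead of a lookup;
    a wrong seed_guess makes every candidate digest miss."""
    found = {}
    for user, (salt, digest) in leaked.items():
        for w in words:
            if hmac.compare_digest(digest, seeded_digest(w, salt, seed_guess)):
                found[user] = w
                break
    return found


def demo() -> tuple[int, int, int]:
    """Returns (unsalted hits, salted-with-known-seed hits, secret-seed hits)."""
    users = {"alice": "letmein", "bob": "hunter2"}  # constructed accounts

    # 1. No salt: the attacker's precomputed table cracks everyone instantly.
    naive = {u: unsalted_digest(p) for u, p in users.items()}
    hits_unsalted = len(crack_unsalted(naive, precomputed_table(GUESS_LIST)))

    # 2. Salt, no secret seed: the table is useless, but per-user guessing
    #    still succeeds; the salt only multiplied the work (Weimer's point).
    salted_only = ProtectedVerifier(seed=b"")
    for u, p in users.items():
        salted_only.enroll(u, p)
    hits_salted = len(crack_seeded(salted_only.leaked_records(), GUESS_LIST, b""))

    # 3. Salt plus a seed the attacker never sees: offline guessing gets
    #    nothing, while the verifier still authenticates (Kilgallen's point).
    secret = ProtectedVerifier(seed=os.urandom(32))
    for u, p in users.items():
        secret.enroll(u, p)
    hits_secret = len(crack_seeded(secret.leaked_records(), GUESS_LIST, b""))
    assert secret.verify("alice", "letmein") and not secret.verify("alice", "wrong")
    return hits_unsalted, hits_salted, hits_secret


if __name__ == "__main__":
    print(demo())  # (2, 2, 0)
```

The third case only holds as long as the seed really stays inside the verifier: if the same dump that yields the salts and digests also yields the seed (for instance because it sits in the same configuration file as the database credentials), case 3 collapses back into case 2. That confinement is exactly what the post assigns to the operating system or protected subsystem rather than to the hash function.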