Password hashing function

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: Password hashing function

Post by Martin Blank »

psoTFX wrote: Obviously we need to keep an eye on it though.
Exactly the point I was trying to make. Is it an immediate issue? No, of course not, and if it seemed that I was making the opposite point, then I apologize. I tend to get a bit aggravated when I'm accused of just reading some blurb on another site and extrapolating out huge consequences.

My concern is that once a crack appears in a given algorithm, be it encryption or hashing, it's usually followed by significant advances that proceed to significantly reduce the difficulty of breaking the system.

Manip
Registered User
Posts: 11
Joined: Sun Sep 28, 2003 12:17 pm

Re: Password hashing function

Post by Manip »

Triple MD5 ;) Would take almost 600ms to generate each hash. Would also be compatible with the old one -

IF Format(user_md5) != NewFormat THEN
user_md5 = "T3:" . MD5(MD5(user_md5))

BartVB
Trapped inside rank factory, send help!
Posts: 335
Joined: Thu Aug 02, 2001 1:32 pm
Location: The Netherlands

Re: Password hashing function

Post by BartVB »

Eeeh, I really don't see what all this fuss is about, if you have access to the hash, why would you want to waste time on finding a collision?
I Hate oversized sigs and Love Penguins :D

Untoaleannil
Registered User
Posts: 2
Joined: Fri Jul 25, 2003 8:27 pm

Re: Password hashing function

Post by Untoaleannil »

Say you only use one password for just about every account you use. If you sign up for some message boards and the administrator goes AWOL on you and takes your hash, finds a collision, etc., then he has a string that's compatible with your real password. On every system that you use that has the same password, and hashes it with MD5. Would you want someone with this (yeah, it's a long shot, but it's the same idea.

BartVB
Trapped inside rank factory, send help!
Posts: 335
Joined: Thu Aug 02, 2001 1:32 pm
Location: The Netherlands

Re: Password hashing function

Post by BartVB »

Ok, I see where you're going but this is way too far fetched for me :D

Ok, I've read the article and if I understand it correctly they need to know the IV to create a second IV that produces the same hash. So you need to know the password to find a string that produces the same MD5 hash. Not very useful in this application...
I Hate oversized sigs and Love Penguins :D

BartVB
Trapped inside rank factory, send help!
Posts: 335
Joined: Thu Aug 02, 2001 1:32 pm
Location: The Netherlands

Re: Password hashing function

Post by BartVB »

Also check this out:

http://www.cryptography.com/cnews/hash.html
Q: What is a collision attack and a preimage attack?
A: A preimage attack would enable someone to find an input message that causes a hash function to produce a particular output. In contrast, a collision attack finds two messages with the same hash, but the attacker can't pick what the hash will be. The attacks announced at CRYPTO 2004 are collision attacks, not preimage attacks.
I Hate oversized sigs and Love Penguins :D

Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: Password hashing function

Post by Martin Blank »

One of the most repeated NSA quips:

"Attacks always get better. They never get worse."
You can never go home again... but I guess you can shop there.

BartVB
Trapped inside rank factory, send help!
Posts: 335
Joined: Thu Aug 02, 2001 1:32 pm
Location: The Netherlands

Re: Password hashing function

Post by BartVB »

True, but what I got from all of this is that a collision attack is quite a bit different (mathematically) from a preimage attack.

And of course, in 50 years you'll probably be able to crack an MD5 hash in 2 split seconds, but should we worry about that? :D Changing from MD5 to something else is hell, every user will have to change his/her password, IMO that's just not worth it, not at this time anyway.

And if you want a superduper secure forum you're free to change the code from md5() to whatever you want :D That's a fairly trivial task...
I Hate oversized sigs and Love Penguins :D

Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: Password hashing function

Post by Martin Blank »

Yeah, I know. A check to find out if the MD5 hash matches a known value and prompting for a password change if it doesn't and then encrypting it in SHA1 or, better, SHA-512 (I'm paranoid) wouldn't be too difficult.
You can never go home again... but I guess you can shop there.
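
Added example, not part of any post in this thread and not phpBB's code: a PHP illustration of moving stored MD5 password hashes to a newer scheme without making every user choose a new password, combining the wrap-the-old-hash idea and the check-at-login idea from the posts above. It substitutes PHP's built-in password_hash() for the SHA-1/SHA-512 suggestion; the "W1:" prefix, the function names and the sample password are assumptions.

```php
<?php
// Added example: the stored-hash formats below are assumptions, not phpBB's schema.
//   legacy  : 32 hex chars = md5($password)
//   wrapped : "W1:" . password_hash(md5($password))  (batch-converted, no login needed)
//   current : password_hash($password)

const WRAP_PREFIX = 'W1:'; // hypothetical marker for wrapped legacy hashes

/** Batch step: strengthen a legacy MD5 hash without knowing the password. */
function wrap_legacy_hash(string $md5hex): string
{
    return WRAP_PREFIX . password_hash(strtolower($md5hex), PASSWORD_DEFAULT);
}

/**
 * Login step: verify $password against any of the three formats.
 * Returns [ok, hashToStore]; hashToStore differs from $stored when the
 * record should be rewritten in the current format.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        // Legacy record: constant-time compare against md5(password).
        $ok = hash_equals(strtolower($stored), md5($password));
    } elseif (strncmp($stored, WRAP_PREFIX, strlen(WRAP_PREFIX)) === 0) {
        // Wrapped record: the inner secret is the old MD5 hex string.
        $ok = password_verify(md5($password), substr($stored, strlen(WRAP_PREFIX)));
    } else {
        $ok = password_verify($password, $stored);
        if ($ok && !password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            return [true, $stored]; // already current, nothing to rewrite
        }
    }
    // On success the plaintext is in hand, so re-hash it directly.
    return $ok ? [true, password_hash($password, PASSWORD_DEFAULT)] : [false, $stored];
}

// Constructed sample data: one legacy user, converted offline, then logging in.
$stored = md5('correct horse');          // legacy record as found in the table
$stored = wrap_legacy_hash($stored);     // offline batch conversion
[$ok, $stored] = verify_and_upgrade('correct horse', $stored);
var_dump($ok, password_get_info($stored)['algoName']); // record is now in the current format
[$bad] = verify_and_upgrade('wrong guess', $stored);
var_dump($bad);
```

The batch step removes bare MD5 values from the table immediately, and each account moves to the current format the next time its owner logs in successfully.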

psoTFX
Registered User
Posts: 1984
Joined: Tue Jul 03, 2001 8:50 pm

Re: Password hashing function

Post by psoTFX »

It sounds like you're being paranoid about something there is little real reason to be paranoid about ...

... I take it you run over SSL? Have secured servers with appropriate firewalling and tripwire apps? How about DB access? Is that secured? And I guess you have minimal accounts on the server and perhaps even run with SSH disabled, physically accessing the server to make changes?

Because without doing all these things and possibly more you remain at risk from all manner of potential security issues and holes ... well beyond the grabbing of a hash and running of a computation.
