[plug] Is Red hat truly flawed?

Christian christian at amnet.net.au
Wed May 3 12:12:51 WST 2000


On Wed, May 03, 2000 at 11:56:36AM +0800, Matt Kemner wrote:
> On Wed, 3 May 2000, Christian wrote:
> 
> > I'm going to take this question literally and assume you are asking what
> > prevents bcrypt from being vulnerable to a precomputed dictionary
> > attack.  The simple answer is that bcrypt uses a 128-bit salt.
> 
> But if you have the password, you have the salt, right?
> So you can still compile your dictionary on-the-fly (eg with john the
> ripper)

Yes.  As I said above, that only deals with a *precomputed* dictionary
attack.  To deal with the standard offline dictionary attack bcrypt uses
the expensive key scheduling for the Blowfish algorithm.  In other
words, it takes the hashing function back to the days when DES was fast
enough to allow logins but slow enough to make it difficult to check
too many passwords.  The problem was that computers got faster and
optimisations (e.g., Biham's bitslicing) were found for software
implementations.  bcrypt deals with this using the expensive key
scheduling which is deliberately designed to be hard to optimise and by
allowing the hashing function to be scaled as time goes on.  By
increasing the value given in the passwd.conf file in OpenBSD you can
increase the amount of computation required to hash the passwords.  As a
result the scheme is "future-adaptable" -- your passwords can be just as
secure in 10 years time as they are today.  MD5?  Pfft. :-)

Like I said, see the paper if you want more details.

Regards,

Christian.
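
The two properties discussed in this thread, a random 128-bit salt that defeats precomputed dictionaries and a work factor that can be raised as hardware gets faster, are shown below in a small Python example added here; it is not code from the post, from OpenBSD or from the bcrypt paper. It uses PBKDF2-HMAC-SHA256 from the standard library instead of bcrypt (bcrypt's Blowfish key schedule is not in the stdlib), so the hash function is a swap-in; the storage format "$pbkdf2-sha256$<cost>$<salt>$<hash>", the log2 cost parameter and the helper names are all assumptions made for the illustration, as is the sample password.

```python
"""
Salted, tunable-cost password hashing, demonstrated with PBKDF2-HMAC-SHA256
from the Python standard library.  This is NOT bcrypt: bcrypt's expensive
Blowfish key schedule is the point of the post, but the two mechanisms under
discussion (a random 128-bit salt, and a cost parameter that can be raised
over time so old entries are upgraded) work the same way here.
"""
import base64
import hashlib
import hmac
import os
import time

PRF = "sha256"     # assumption: PBKDF2 with HMAC-SHA256 as the PRF
SALT_BYTES = 16    # 128-bit salt, the size the post cites for bcrypt


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_password(password, cost=12, salt=None):
    """Return a self-describing string "$pbkdf2-sha256$<cost>$<salt>$<hash>".

    `cost` is log2 of the iteration count, so raising it by one doubles the
    work, in the spirit of bcrypt's cost parameter.  A fresh random salt is
    drawn unless one is supplied (supplying one is only for tests).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, 1 << cost)
    return "$pbkdf2-%s$%d$%s$%s" % (PRF, cost, _b64(salt), _b64(dk))


def parse(stored):
    """Split a stored entry into (cost, salt, hash).  The parameters travel
    with the hash, so entries made at an older cost stay verifiable."""
    _, scheme, cost, salt_b64, dk_b64 = stored.split("$")
    if scheme != "pbkdf2-" + PRF:
        raise ValueError("unknown scheme: " + scheme)
    return int(cost), base64.b64decode(salt_b64), base64.b64decode(dk_b64)


def verify_password(password, stored):
    cost, salt, dk = parse(stored)
    candidate = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, 1 << cost)
    return hmac.compare_digest(candidate, dk)  # constant-time comparison


def needs_rehash(stored, current_cost):
    """True when the entry was made at a lower cost than the site now uses."""
    return parse(stored)[0] < current_cost


def verify_and_upgrade(password, stored, current_cost):
    """Check a login; on success with an outdated cost, return a rehashed entry.

    This is how a deployment stays "future-adaptable": the cost is raised in
    configuration, and each user's hash is recomputed the next time the
    correct password is presented, the only moment the plaintext is available.
    """
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, current_cost):
        return True, hash_password(password, cost=current_cost)
    return True, stored


def seconds_per_hash(cost):
    """Time one hash at the given cost, for choosing a cost on real hardware."""
    t0 = time.perf_counter()
    hash_password("timing-probe", cost=cost)
    return time.perf_counter() - t0


if __name__ == "__main__":
    # Constructed sample password.  Two hashes of it differ because each gets
    # its own salt, so a table precomputed for one salt is useless for the other.
    a = hash_password("correct horse battery staple")
    b = hash_password("correct horse battery staple")
    print("distinct salts:", a != b, "verifies:", verify_password("correct horse battery staple", a))
    for c in (10, 12, 14):
        print("cost %d: %.3f s per hash" % (c, seconds_per_hash(c)))
```

Running the script prints the timing for each cost; each step of one doubles the work, which is the knob the post describes for OpenBSD's passwd.conf. Choosing a cost is a local decision: pick the largest value whose per-hash time is still acceptable for logins on your own hardware, and raise it later without touching stored entries, since they are rehashed on the next successful login.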


