, SecurityFocus 2005-11-09
A trio of entrepreneurial hackers hope to do for the business of password cracking what Google did for search and, in the process, may remove the last vestiges of security from many password systems.
Expand all |
Post comment
Gold at the end of rainbow cracking?
2005-11-09
Anonymous (4 replies)
Anonymous (4 replies)
Re: Gold at the end of rainbow cracking?
2005-11-10
Anonymous (1 replies)
Anonymous (1 replies)
Re: Re: Gold at the end of rainbow cracking?
2005-11-10
Anonymous (2 replies)
Anonymous (2 replies)
Gold at the end of rainbow cracking?
2005-11-10
Mike B (3 replies)
Mike B (3 replies)
Re: Gold at the end of rainbow cracking?
2005-11-10
Pete (3 replies)
Pete (3 replies)
Gold at the end of rainbow cracking?
2005-11-11
Anonymous (1 replies)
Anonymous (1 replies)
1. Of course, plain old crypt() hasn't really been the Unix default, at least on Linux, for years. Nearly all systems now use the MD5 version and quite a few now use SHA1. These use 48 bits of salt which isn't quite as dramatic as 64 bits but is already enough to definitely kill rainbow tables stone cold dead, probably for at least the next half century. Although actually, even the 12 bits of salt used by Unix in the 1970s might be enough to stop this project -- I notice that crypt() is _not_ in the list of hashes they are attacking!
2. You also mention stretching, and say "does this solve the basic problem ? Not really ...". I think you're too pessimistic there. There may currently be other problems with password based systems (e.g. no safe place to type it in), but a good stretching strategy really kills hash inversion dead, more or less indefinitely. The real beauty of stretching is that you can dynamically increase the stretching factor to exactly keep up with technological advances, so that no matter how powerful the available hardware becomes, it still takes about N x (acceptable login delay) / (number of hosts in cracking cluster) to crack a password! (Where N is the size of the password space.) Furthermore, instead of doing their rainbow table once and for all time, they have to rebuild it every time I increase my stretching factor (which could be every time someone changes a password, say every 4 to 8 weeks!). If an acceptable login delay for a low grade system is, say, 1 second, then generating a rainbow table for all printable passwords up to 8 characters will take not 2 years but 200 million years (divided by the number of processors available). And I can make them do it again as often as I like...
Basically this attack is a well and truly solved problem. Salting (which has been around since the 1970s) and stretching (which has been around for ~8 years) kill it dead. The systems which are vulnerable are only those which are badly implemented. Its significance will be mainly to show the number of sites which are not competently implemented.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/11355/32719#32719