Re: [PATCH/KERNELI] Util-linux 3des update

From: Gisle Sælensminde (gisle@ii.uib.no)
Date: Fri Sep 22 2000 - 14:03:17 EST


On Fri, 22 Sep 2000, Sandy Harris wrote:

> Gisle Sælensminde wrote:
>
> No. Adding data the attacker knows cannot make the attack harder to any
> significant extent. At best, it might increase attack overheads by some
> small factor. What you need for security are things that cost little or
> nothing for legitimate users but increase attack difficulty exponentially.
>
<snip>
 
> Yes it does. If the passphrase entropy is 100 bits, the best brute
> force attack is to try all 2^100 possibilities. If it is 200 bits,
> or 500, the best brute force attack is to ignore the passphrase
> and try the 2^160 possible outputs from the first hash. There is
> no case where you have to try all 2^192 possible 3DES keys against
> this scheme.
>

The scheme goes as follows, where || is used as concatenation, M is the
passphrase and MD is ripemd160. A substring of H will be used for key.

 H1 = MD( M )
 H2 = MD( A || M)
 H = H1 || H2

This scheme is not simply a hash of the hash, and it should not simply be
adding data, as far as I can judge. Is this wrong? However, the main point
is to make the data unpredictable for the attacker. Predictable data in
the last DES subkey would probably open up certain attacks.

I think we can agree that the weakest point in passphrase-based systems
like this one is too short/bad passphrases. I tried to say that users never
type in 160 bits or more of real entropy. I would in fact guess that 40
bits is a better estimate for typical entropy in passphrases. The most
successful attack against this scheme is probably a dictionary attack.

If I got you right, you don't mean that the scheme introduces any
weaknesses?

--
Gisle Sælensminde ( gisle@ii.uib.no )   

With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead. (from RFC 1925)
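The derivation discussed in the message above, as an added example (not code from the original posting and not the util-linux implementation): H1 = MD(M), H2 = MD(A || M), H = H1 || H2, with a 3DES key taken from a substring of H. The value of A, the key layout (first 24 bytes of H, i.e. three 64-bit DES subkeys with parity bits), the use of SHA-1 as a 160-bit stand-in when the local OpenSSL build has no RIPEMD-160, and the wordlist are all assumptions made for the example. It also shows which bytes of the third DES subkey come from H2 under that layout, and runs the dictionary attack the message names as the most likely one against weak passphrases.

```python
# Added example; not code from the original posting or from util-linux.
# Models the derivation described in the mail:
#     H1 = MD(M)        H2 = MD(A || M)        H = H1 || H2
# with a 3DES key taken from a substring of H.  Assumptions (not from
# the page): A is a fixed public constant, the key is the first 24 bytes
# of H, and SHA-1 (also 160 bits) is used when RIPEMD-160 is unavailable.
import hashlib

A_CONSTANT = b"util-linux-3des"   # assumed value of A; public, known to the attacker


def pick_md():
    """RIPEMD-160 when the local OpenSSL provides it, otherwise SHA-1 (same output size)."""
    try:
        hashlib.new("ripemd160", b"")
        return "ripemd160"
    except ValueError:
        return "sha1"


def md(data, algo):
    return hashlib.new(algo, data).digest()


def derive_h(passphrase, a=A_CONSTANT, algo=None):
    """H = MD(M) || MD(A || M): 320 bits, of which a substring becomes the key."""
    algo = algo or pick_md()
    return md(passphrase, algo) + md(a + passphrase, algo)


def set_des_parity(key):
    """DES uses 56 bits of each 64-bit subkey; the low bit of every byte is odd
    parity over the other seven, so 24 key bytes carry 168 bits of key material."""
    out = bytearray()
    for b in key:
        top7 = b & 0xFE
        out.append(top7 | (1 if bin(top7).count("1") % 2 == 0 else 0))
    return bytes(out)


def derive_3des_key(passphrase, a=A_CONSTANT, algo=None):
    """Assumed layout: the first 24 bytes of H form the three DES subkeys."""
    return set_des_parity(derive_h(passphrase, a, algo)[:24])


def subkey_sources(digest_len=20, key_len=24, subkey_len=8):
    """Per DES subkey, how many bytes come from H1 and how many from H2.
    With 20-byte digests, subkeys 1 and 2 are entirely from H1 and the
    third subkey is split: 4 bytes from H1, 4 bytes from H2."""
    result = []
    for i in range(key_len // subkey_len):
        lo, hi = i * subkey_len, (i + 1) * subkey_len
        from_h1 = max(0, min(hi, digest_len) - lo)
        result.append((from_h1, subkey_len - from_h1))
    return result


def dictionary_attack(target_key, wordlist, a=A_CONSTANT, algo=None):
    """Re-run the public derivation over candidate passphrases; the cost is
    two hash calls per candidate, independent of the 3DES key size."""
    algo = algo or pick_md()
    for cand in wordlist:
        if derive_3des_key(cand, a, algo) == target_key:
            return cand
    return None


# Constructed demo data: a weak passphrase drawn from a tiny wordlist.
WORDLIST = [b"password", b"secret", b"pigs fly", b"linux", b"correct horse"]

if __name__ == "__main__":
    key = derive_3des_key(b"pigs fly")
    print("hash in use:", pick_md())
    print("3DES key:", key.hex())
    print("subkey bytes (from H1, from H2):", subkey_sources())
    print("recovered passphrase:", dictionary_attack(key, WORDLIST))
```

Note that changing A only changes the last four key bytes (the H2 half of the third subkey) under the assumed layout; the first twenty bytes of the key are a function of M alone.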




This archive was generated by hypermail 2b29 : Sat Sep 23 2000 - 21:00:27 EST