This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] crypted password
- Previous message (by thread): [db-wg] crypted password
- Next message (by thread): [db-wg] crypted password
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alexander Yemelyanov
ripe-db-wg at comintern.ru
Tue Jul 25 10:54:21 CEST 2006
Dear db-wg at ripe.net, [24.07.2006 19:37] Marco d'Itri wrote: MdI> On Jul 24, Max Tulyev <president at ukraine.su> wrote: >> It is good idea even to hide PGP key data (open key) because why we need >> to provide extra data to evil persons? MdI> http://en.wikipedia.org/wiki/Kerckhoffs%27_principle As I understand, Max is probably concerned that open MD5 hashes provide an easy way to conduct offline attacks - bruteforce or more effective (esp. with recent reports of MD5 not being as strong as supposed). As far as bruteforce is concerned, offline attacks are most dangerous, because the speed is limited only by the attacker's available processing power, whereas an authentication server could impose delays, detect and block abnormal volume of requests, etc. This seems to be the same consideration as the one behind shadowing /etc/passwd. e.g. in FreeBSD: -rw------- 1 root wheel /etc/master.passwd <-- Contains MD5 hashes -rw-r--r-- 1 root wheel /etc/passwd Best Regards, Alexander Yemelyanov, Comintern I.S.P.
- Previous message (by thread): [db-wg] crypted password
- Next message (by thread): [db-wg] crypted password
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]