A weak cryptoloop implementation in Linux?
Posted Jan 22, 2004 8:32 UTC (Thu) by error27
Parent article: A weak cryptoloop implementation in Linux?
> Kerneli.org loop crypto implementation (and derived versions such as
> Debian, SuSE and others) are vulnerable to optimized dictionary attacks
> because they use unseeded (unsalted) and uniterated key setup.
This is a flaw, but it's not a back-door. "Back-door" implies malice and deliberate deceit. It's a bad word to use unless you want to offend someone.
The article explains salting, but the other part of the solution is in the "uniterated". Basically, you take the password and the salt and you hash them. Take that hash and hash it. Repeat the process as many times as you can in .2 seconds. Save the salt and the number of times you hashed the password and salt so you can check the password later.
If you use a 128 bit salt the attacker can't use a dictionary attack directly, but he can still test thousands of possible passwords in a second. With the extra hash iterations the attacker can only test 5 possible passwords in a second.
to post comments)