Responsible disclosure in open source: The crypt() vulnerability

Posted Jun 8, 2012 8:37 UTC (Fri) by tialaramex (subscriber, #21167)
In reply to: Responsible disclosure in open source: The crypt() vulnerability by intgr
Parent article: Responsible disclosure in open source: The crypt() vulnerability

I imagine the author means algorithms based on... rather than intending that you should use an unpessimised and unsalted hash.

Probably this is because of the same error that Poul-Henning Kamp has made in the last few days here: http://phk.freebsd.dk/sagas/md5crypt_eol.html, giving advice with the assumption that the people receiving it are smart, well-motivated people who know the topic.

A handful of people will muse on what PHK wrote and then write robust, heavily pessimised and salted hashing algorithms, custom for their application, properly review and test them and put them into production. But far more people will take this as an opportunity to either:

(a) continue using crude variants of MD5(password) using e.g. a small per-application salt under the belief that a little obscurity buys them more than the security of an established algorithm such as PHK-MD5 or even the DES crypt.

(b) argue that these crypto programmers don't understand real world problems such as the desire to re-use passwords across applications and thus ought to be ignored by "real" programmers who need to get that PHP web forum working to keep the client happy.

Overall I think PHK's article was mistimed, not least because the numbers he gives to "scare you straight" seem to be exaggerated or based on some additional assumptions he didn't provide.



Responsible disclosure in open source: The crypt() vulnerability

Posted Jun 9, 2012 7:50 UTC (Sat) by bsdphk (guest, #85042)

With respect to "exaggerated numbers": Yes, for reasons of confidentiality I cannot reveal all I know, but do read the provided reference about GPUs, and then ask yourself "I wonder what speed an FPGA runs then...?"

With respect to mistimed, no, it was very carefully timed and I hit it very close to perfect.

To get a message like this out to all the people who need to hear it is very difficult.

I don't have a Vogon Tannoy where I can press a button and go "People of Earth, Your attention please..."

Piggybacking on the LinkedIn attention-wave meant that news-providers had "password" in their short-term memory and my message got very efficiently relayed.

With respect to the guidance I give: If you think that is a bad idea, I suggest you write an easy to use, liberally licensed password scrambler which actually solves the problem for a decade or two.

The present wave can be surfed for about a week more...

Thanks for using my code

Poul-Henning

Responsible disclosure in open source: The crypt() vulnerability

Posted Jun 11, 2012 10:31 UTC (Mon) by intgr (subscriber, #39733)

> With respect to the guidance I give: If you think that is a bad idea, I suggest you write an easy to use, liberally licensed password scrambler which actually solves the problem for a decade or two.

There are tons of free implementations of PBKDF2 and a few of scrypt. Those are the only two that are worth using. Surely you were aware of both? I'm surprised you're even suggesting that we need any new libraries/standards.
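
An added example, not part of any comment in this thread: the crude MD5 with a per-application salt described in option (a) above, next to per-user salted PBKDF2 and scrypt from Python's standard `hashlib`. The record format, the names and the work factors are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

APP_SALT = b"forum-v1"  # constructed per-application salt, as in option (a)

def crude_md5(password: str) -> str:
    """Option (a): one fast MD5 pass over a salt shared by every user."""
    return hashlib.md5(APP_SALT + password.encode()).hexdigest()

def _derive(scheme: str, params: str, password: str, salt: bytes) -> bytes:
    """Run the named key-derivation function with the stored parameters."""
    pw = password.encode()
    if scheme == "pbkdf2":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, int(params), dklen=32)
    if scheme == "scrypt":
        n, r, p = (int(x) for x in params.split(","))
        return hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=32)
    raise ValueError(f"unknown scheme: {scheme}")

# Work factors are assumptions; tune them to the deployment's hardware.
DEFAULT_PARAMS = {"pbkdf2": "200000", "scrypt": "16384,8,1"}

def hash_password(password: str, scheme: str = "pbkdf2") -> str:
    """Return 'scheme$params$salt$hash' using a fresh random per-user salt."""
    params = DEFAULT_PARAMS[scheme]
    salt = os.urandom(16)
    digest = _derive(scheme, params, password, salt)
    return "$".join([scheme, params, salt.hex(), digest.hex()])

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        scheme, params, salt_hex, digest_hex = stored.split("$")
        candidate = _derive(scheme, params, password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:
        return False  # malformed or unknown record: reject

if __name__ == "__main__":
    # Two users with the same password: identical under the crude scheme,
    # distinct records under the per-user salted schemes.
    print("crude equal:", crude_md5("hunter2") == crude_md5("hunter2"))
    for scheme in DEFAULT_PARAMS:
        a, b = hash_password("hunter2", scheme), hash_password("hunter2", scheme)
        print(scheme, "equal:", a == b, "verifies:", verify_password("hunter2", a))
```

Storing the scheme and parameters inside each record lets the work factor be raised later without invalidating existing hashes.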

