On Mon, 19 Jun 2017 11:12:20 -0400 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > There are only a handful of commonly-used cryptographically-secure > hashes which are likely to be used, and they're relatively easy to > narrow down simply by looking at length. Or, if they're stored like > they are in /etc/shadow, the entire string actually includes an > identifier for the hash. > > If the passwords are hashed in a non-standard way or with some made-up > thing... there's probably something wrong that a skilled attacker can > exploit. (Rule one of crypto: don't write your own crypto.) Why not use RSA? Create a set of RSA keys, and don't publish them. Encrypt each password with one of the keys, and store it in a database. When needed, decrypt it with the other RSA key. Or encrypt with the original key to compare with the database contents. If an attacker gets the database without the RSA keys, they are trying to decrypt the encrypted message without knowing the composite number that generated the keys. That is, they are trying to break RSA for all composite numbers the product of two large primes. Horrendous. And because these RSA keys aren't published, they can be nonstandard sizes. 4023? 3084? 6173? Good luck with that if you are the cracker. :-) This is private key RSA instead of public key RSA, more secure. Not roll your own crypto, extensively attacked and tested crypto. Sure, if your system gets compromised, and someone gains the keys, they break the encryption easily, but that isn't a crypto problem. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx