Re: gnome-password-generator replacement?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 19 Jun 2017 11:12:20 -0400
Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:

> There are only a handful of commonly-used cryptographically-secure
> hashes which are likely to be used, and they're relatively easy to
> narrow down simply by looking at length. Or, if they're stored like
> they are in /etc/shadow, the entire string actually includes an
> identifier for the hash.
> 
> If the passwords are hashed in a non-standard way or with some made-up
> thing... there's probably something wrong that a skilled attacker can
> exploit. (Rule one of crypto: don't write your own crypto.)

Why not use RSA?  Create a set of RSA keys, and don't publish them.
Encrypt each password with one of the keys, and store it in a
database.  When needed, decrypt it with the other RSA key.  Or encrypt
with the original key to compare with the database contents.  If an
attacker gets the database without the RSA keys, they are trying to
decrypt the encrypted message without knowing the composite number that
generated the keys. That is, they are trying to break RSA for all
composite numbers the product of two large primes. Horrendous. And
because these RSA keys aren't published, they can be nonstandard
sizes.  4023? 3084? 6173? Good luck with that if you are the
cracker.  :-)

This is private key RSA instead of public key RSA, more secure.  Not
roll your own crypto, extensively attacked and tested crypto.  Sure, if
your system gets compromised, and someone gains the keys, they break
the encryption easily, but that isn't a crypto problem.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux