Sebastian wrote:
> If I understood correctly, seeds are used to prevent dictionary attacks
> with precomputed password hashes.

Seed is used to slow down dictionary attacks. It removes some
optimizations that could otherwise be used.

> However, if somebody finds the correct seed, he could again calculate
> the hashes on a different, very fast computer, couldn't he?

Yes he can. But without seed he can optimize the attack:

1) Compute hash of one dictionary string.
2) Encrypt one block (16 bytes) of known plaintext constant at specific
   location in file system.
3) Save precomputed ciphertext + dictionary string in HUGE database.
   Database is kept sorted by ciphertext value.
4) Repeat steps 1-3 for zillion dictionary strings.

Above precomputing can all be done in advance and needs to be done only
once.

Optimized dictionary attack:

1) Read one block (16 bytes) of ciphertext from known plaintext location
   on the disk.
2) Do binary search of above mentioned HUGE database.

When seeded passwords are used, bad guys can't spend 10 years
precomputing such databases. They know they have to start from scratch
with every different seed.

> So how long does it take to calculate - let's say - one billion hashes?

If iteration count is set to value that takes 1 second of CPU time to do
the iteration, and assuming bad guys running the attack use same CPU but
optimized assembler implementation that is twice as fast, then it takes
about 500,000,000 seconds.

> Do I really gain significant security improvement in using seeds?

Yes.

Regards,
Jari Ruusu <jari.ruusu@xxxxxxxxxx>

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
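The following is an added illustration of the point made in the reply above; it is not code from the post, from Sebastian, or from any Linux-crypto project. It models the two scenarios the reply contrasts: a table precomputed once from a dictionary that matches an unseeded key derivation directly, and the same table going stale when a per-system random seed enters the derivation. Assumptions, since the post names neither: PBKDF2-HMAC-SHA256 with a small toy iteration count stands in for the iterated password hash, a SHA-256 of the derived key plus a constant stands in for "encrypt one known-plaintext block", and the six-word dictionary is constructed for the example. The last function reproduces the post's 500,000,000-second estimate from its stated inputs.

```python
import bisect
import hashlib
import os

# Constructed toy dictionary; stands in for the "zillion dictionary strings".
DICTIONARY = ["password", "letmein", "hunter2", "qwerty", "correct horse", "secret"]

# Toy iteration count so the example runs instantly. The post describes tuning the
# real count so that one derivation costs about 1 second of CPU time.
ITERATIONS = 1000

# Assumption: a fixed known-plaintext block, as in step 2 of the post.
KNOWN_BLOCK = b"\x00" * 16


def derive_key(passphrase: str, seed: bytes) -> bytes:
    """Iterated key derivation. Assumption: PBKDF2-HMAC-SHA256 stands in for the
    unnamed iterated hash; an empty seed models the unseeded case."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), seed, ITERATIONS, dklen=16)


def encrypt_known_block(key: bytes) -> bytes:
    """Stand-in for encrypting the known-plaintext block under `key`. Assumption:
    a hash of key||block replaces the real block cipher; all that matters for the
    argument is that the value is a deterministic function of the key."""
    return hashlib.sha256(key + KNOWN_BLOCK).digest()[:16]


def build_precomputed_table(dictionary, seed: bytes = b""):
    """Steps 1-4 of the post: derive each dictionary string's key once, encrypt the
    known block, and keep (ciphertext, word) pairs sorted by ciphertext."""
    return sorted((encrypt_known_block(derive_key(word, seed)), word) for word in dictionary)


def lookup(table, ciphertext: bytes):
    """Step 2 of the optimized attack: binary search of the sorted table."""
    keys = [c for c, _ in table]
    i = bisect.bisect_left(keys, ciphertext)
    if i < len(keys) and keys[i] == ciphertext:
        return table[i][1]
    return None


def unseeded_table_matches(victim_passphrase: str = "hunter2"):
    """Without a seed every system derives keys identically, so a table built once
    matches a victim's ciphertext block directly."""
    table = build_precomputed_table(DICTIONARY, seed=b"")
    victim_block = encrypt_known_block(derive_key(victim_passphrase, b""))
    return lookup(table, victim_block)


def seeded_table_goes_stale(victim_passphrase: str = "hunter2"):
    """With a random per-system seed the same precomputed table misses: the work
    has to be redone from scratch for this seed, which is the post's point."""
    table = build_precomputed_table(DICTIONARY, seed=b"")
    seed = os.urandom(16)
    victim_block = encrypt_known_block(derive_key(victim_passphrase, seed))
    return lookup(table, victim_block)


def brute_force_seconds(candidates: int = 1_000_000_000,
                        seconds_per_derivation: float = 1.0,
                        attacker_speedup: float = 2.0) -> float:
    """The post's estimate: one billion candidates, 1 s per derivation on the
    defender's CPU, attacker's assembler implementation twice as fast."""
    return candidates * seconds_per_derivation / attacker_speedup


if __name__ == "__main__":
    print("unseeded table recovers:", unseeded_table_matches())
    print("seeded lookup with stale table:", seeded_table_goes_stale())
    print("seconds for one billion seeded candidates:", brute_force_seconds())
```

The seeded case fails not because the attacker cannot recompute the table for the observed seed, but because that recomputation costs the full iterated derivation per candidate and cannot be amortised across systems, which is what turns the problem back into the 500,000,000-second estimate above.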