[Chicago-talk] Password strength
Steven Lembark
lembark at wrkhors.com
Sun Aug 9 09:02:58 PDT 2015
> So I'm confused about what the issue would be with using MD5s if my
> recommendations are taken together. Any insight?
The collision domain of MD5 hashes is not large enough to defeat
the computer resources available to generate collisions.
The original /etc/passwd scheme of salt+hash worked in the days of
full-height 5MB drives because storing enough strings to defeat
it would have passed the Chandrasekhar limit. Today I can get enough
4TiB+ drives to store the space; or generate colliding hash chains
quickly enough to find collisions in "reasonable" times.
MD5 password hashes were a workable answer at the time they were
first invented but are now in the same bucket as salt+checksum:
the hardware available to compute, store, and index collision
chains is readily accessible. At that point MD5's collision domain
is not large enough to defeat someone.
The approach of requiring "better" passwords solves issues with
brute-force generation of dictionary strings but does nothing to solve
hash collision issues, which are simply a function of the MD5 digest
size, not the input domain of the passwords. The only real fix for
this is using an ever-larger digest in order to make the domain of
collisions large enough to avoid pre-computing them. Once that is
done, forcing longer, more varied passwords is an excellent way to
improve security; until then it doesn't help all that much.
--
Steven Lembark 3646 Flora Pl
Workhorse Computing St Louis, MO 63110
lembark at wrkhors.com +1 888 359 3508
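An added example, not part of the original thread, illustrating the precomputation point Steven makes above: an unsalted MD5 table is built once and reused against every stored hash, the table an attacker would need grows by a factor of 2^salt_bits, and a per-user random salt with an iterated KDF (PBKDF2 here) is the hardened form. The wordlist, the record format and the iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; stands in for a real dictionary.
WORDLIST = ["password", "letmein", "hunter2", "qwerty123", "correct horse"]

def md5_hex(password: str) -> str:
    """Unsalted MD5 as stored by a legacy scheme: same password, same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def build_md5_table(words):
    """Precompute digest -> word once; the same table serves against every stored hash."""
    return {md5_hex(w): w for w in words}

def lookup_unsalted(table, stored_hex):
    """With no salt, recovering the password is a single dictionary lookup."""
    return table.get(stored_hex)

def precomputed_entries(num_words: int, salt_bits: int) -> int:
    """Entries a precomputed table needs to cover every salt value for a wordlist."""
    return num_words * (1 << salt_bits)

def pbkdf2_record(password: str, iterations: int = 200_000) -> str:
    """Hardened form: 16-byte random salt plus an iterated KDF; the salt is stored with the digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"  # constructed record format

def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

if __name__ == "__main__":
    table = build_md5_table(WORDLIST)
    stored = md5_hex("hunter2")  # a legacy unsalted hash as it would sit in a password file
    print("unsalted MD5 recovered:", lookup_unsalted(table, stored))
    # Classic crypt(3) used a 12-bit salt; a 16-byte salt is 128 bits.
    for bits in (0, 12, 128):
        print(f"{bits:>3}-bit salt -> {precomputed_entries(len(WORDLIST), bits):.3e} table entries")
    rec = pbkdf2_record("hunter2")
    print("pbkdf2 verify correct password:", pbkdf2_verify("hunter2", rec))
    print("pbkdf2 verify wrong password:  ", pbkdf2_verify("hunter3", rec))
```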