Full Discussion: Why use strong passwords?
Post 302727029 by Neo on Monday 5th of November 2012 02:00:16 PM
Here is one quick reference about salt:

Quote:
Obviously, the use of salting does not necessarily improve the strength of the encryption. In fact, especially since the mechanism of DEA is not well understood by cryptanalysts who do not have access to classified files explaining the algorithm, it is possible that salting may have weakened the encryption process.
Frankly, many years ago, I worked on a project to help NIST in the US evaluate the AES algorithm. I even wrote a paper on the topic; but it was not published (public).

Crypto is math, and computing power... and the state of the art changes as computing power changes. What was a great crypto algorithm for the processing power of 10 years ago is just weak "history" today, and the same is true for the crypto today, when we fast forward 10 or more years.

Edit: Anyway, this is mostly "abstract" because when discussing cryptography, we should really not speak in sweeping generalizations; but focus on the exact algorithms, hash functions, length of keys, salt, method of storing both cryptographic hashes and salt, etc.
 

passwd(1openssl)						      OpenSSL							  passwd(1openssl)

NAME
passwd - compute password hashes

SYNOPSIS
openssl passwd [-crypt] [-1] [-apr1] [-salt string] [-in file] [-stdin] [-noverify] [-quiet] [-table] {password}

DESCRIPTION
The passwd command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option -in file, from stdin for option -stdin, or from the command line, or from the terminal otherwise. The Unix standard algorithm crypt and the MD5-based BSD password algorithm 1 and its Apache variant apr1 are available.

OPTIONS
-crypt  Use the crypt algorithm (default).
-1  Use the MD5 based BSD password algorithm 1.
-apr1  Use the apr1 algorithm (Apache variant of the BSD algorithm).
-salt string  Use the specified salt. When reading a password from the terminal, this implies -noverify.
-in file  Read passwords from file.
-stdin  Read passwords from stdin.
-noverify  Don't verify when reading a password from the terminal.
-quiet  Don't output warnings when passwords given at the command line are truncated.
-table  In the output list, prepend the cleartext password and a TAB character to each password hash.

EXAMPLES
openssl passwd -crypt -salt xx password prints xxj31ZMTZzkVA.

openssl passwd -1 -salt xxxxxxxx password prints $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a..

openssl passwd -apr1 -salt xxxxxxxx password prints $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0.

OpenSSL-0.9.8 Oct 11 2005 passwd(1openssl)
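The man page examples above show the salt stored in the clear next to the digest ($scheme$salt$digest). As an added example (not part of the original post and not OpenSSL's code), this Python sketch reimplements the MD5-based algorithm selected by -1 and -apr1 so the stored string can be split and a password re-checked against it; the function names are this example's own.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, length):
    """Encode value as `length` crypt-base64 characters, low bits first."""
    out = []
    for _ in range(length):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)

def md5_crypt(password, salt, magic="$1$"):
    """MD5-based BSD password algorithm; magic="$apr1$" is the Apache variant."""
    pw, sl, mg = password.encode(), salt[:8].encode(), magic.encode()
    ctx = hashlib.md5(pw + mg + sl)
    alt = hashlib.md5(pw + sl + pw).digest()
    for n in range(len(pw), 0, -16):          # mix in alt, one password-length worth
        ctx.update(alt[:min(16, n)])
    n = len(pw)
    while n:                                  # one byte per bit of the length
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                     # fixed number of stretching rounds
        r = hashlib.md5()
        r.update(pw if i & 1 else final)
        if i % 3:
            r.update(sl)
        if i % 7:
            r.update(pw)
        r.update(final if i & 1 else pw)
        final = r.digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    body = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4)
                   for a, b, c in groups) + _to64(final[11], 2)
    return f"{magic}{salt[:8]}${body}"

def split_hash(stored):
    """Return (scheme, salt, digest) from a stored $scheme$salt$digest string."""
    _, scheme, salt, digest = stored.split("$")
    return scheme, salt, digest

def verify(password, stored):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    scheme, salt, _ = split_hash(stored)
    return hmac.compare_digest(md5_crypt(password, salt, f"${scheme}$"), stored)
```

The same password hashed under a different salt yields an unrelated digest, while the 1000-round MD5 construction is fixed and cannot be tuned upward as hardware gets faster.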