Re: R: Do not use stock RedHat 6.0 kernels with SMBFS! [OFF-TOPIC]

tytso@mit.edu
Mon, 14 Jun 1999 20:56:38 -0400


Date: Fri, 11 Jun 1999 13:05:01 -0400
From: Justin Hahn <jehahn@raven.bu.edu>

aw> On Thu, 10 Jun 1999, Steve Dodd wrote:
>>
>> Rubbish. Store a secure one-way hash of the password. The problem is just
>> in choosing a secure algorithm.
aw>
aw> No, the one-way hashes are still sensitive (more so than a shadow file).

Explain this. Any decent hash function has the following properties:

- non invertible (or not trivially so)

(note that a good hash function need not be bijective, and I'd
conjecture that it shouldn't be)

I don't see the sensitivity here.

The problem is that user's passwords are in a much smaller space, so you
can simply try to invert the has by trying all possible "typable"
passwords, which is small enough that that a brute-force attack is
tractable.

- Ted

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/