|
in reply to Re: OT: Cracking hashes made easier
in thread OT: Cracking hashes made easier
Of course, if you can create enough users (and passwords), you can try an attack to recover $secret.
That's the thing about hashes and reverse lookups; given a hashed value, the reverse lookup table gives you an input that hashes to that hash value, not necessarily the input that was used initially. So, I think that by employing your scheme, an attacker is highly unlikely to recover the secret. Of course, I'm not a cryptographer, so I may be missing something.
thor
Feel the white light, the light within
Be your own disciple, fan the sparks of will
For all of us waiting, your kingdom will come
|
Re^3: OT: Cracking hashes made easier
by tilly (Archbishop) on Nov 11, 2005 at 18:17 UTC
|
If you're using a 128 bit hash, and your key+password is less than 16 characters, then the shortest reverse lookup is probably the right one.
If we include the fact that key+password are usually made up of typeable characters, then the shortest reverse lookup that is typeable is probably the right one out to 19 or 20 characters.
I suspect that fairly few people use a long enough secret key to provide protection against this fact. But if you do, then you're right that the secret is still protected. | [reply] |
|
|
If you're using a 128 bit hash, and your key+password is less than 16 characters, then the shortest reverse lookup is probably the right one.
Because I'm curious and because I know that you're capable (-: willing is another question :-), would you mind explaining the math here?
thor
Feel the white light, the light within
Be your own disciple, fan the sparks of will
For all of us waiting, your kingdom will come
| [reply] |
|
|
15 characters at 8 bits per character is 120 bits. So the hash maps 2**120 15 bit strings into a set of 2**128 hashes. Plus 2**112 14 bit strings. And so on. Assuming that the hashing algorithm does a good job of making it look like a given string goes to a random hash, the probability of a given string having a collision is about 1/2**8=1/256. (Let's ignore the relatively small adjustments from smaller strings and collisions.) If there isn't a collision, then only one reverse lookup is under 16 characters, and it is yours.
That means that the odds that you are the shortest reverse lookup are about 99.5%, which qualifies as "probably" in my books.
At 16 characters the math gets much more complicated. The problem here is that the strings could map to all of the hash values if they spread out perfectly, but they clump. There are hash values that have multiple strings hashing onto them, and those clumps mean that elsewhere there are hash values that are not mapped onto. The distribution of how many strings hash to a single value is given by the Poisson Distribution with a rate around 1.005. So about 36.6% of the hash values only have one string map onto them, which means that a similar percentage of strings can theoretically be recovered from the hash value.
At 17 character strings the number of strings so overwhelms the number of hash values that there are always collisions, usually hundreds of them.
The typeable calculation is similar, except that you lose a bit over a bit per character because most characters are not typeable. I was too lazy the first time around to work out how much over a bit per character you lose.
| [reply] |
Re^3: OT: Cracking hashes made easier
by DrHyde (Prior) on Nov 14, 2005 at 11:40 UTC
|
Depending on what the secret is used for, that might not matter. For example, if it is a password, a hashed version of my password is stored on the server. ONLY the hash is stored, not the original password. When I try to log in, whatever I type is hashed, compared with the stored hash, and if it matches I am allowed in, regardless of whether I type "ilikepie" or "iamquicheeatinghippyscum".
Yes, that's a somewhat naïve scheme, but it serves to illustrate the point. | [reply] |
|
|
I don't really see what the secret could be used for other than as a salt. What did you have in mind?
thor
Feel the white light, the light within
Be your own disciple, fan the sparks of will
For all of us waiting, your kingdom will come
| [reply] |
|
|
uhh, a password. You know, like in:
login: thor
password: <-- the secret goes here
| [reply]
[d/l] |
|
|
|
|
|
|
