From: John Viega (viega_at_securesoftware.com)
Date: Mon Nov 11 2002 - 11:28:40 CST

    Jeremy,

    I don't disagree that the crypto algorithm is the weakest link in the
    chain. Nonetheless, you have to realize that if you make a few good
    decisions, it might end up being the weakest link. For example,
    offline password guessing attacks can be thwarted by increasing the
    cost to compute with a trick along the lines of the one I mentioned
    previously. Therefore, why use an algorithm that is probably broken?
    I think at this point in time, it's almost as irresponsible to
    recommend MD5 for a new application as it is to recommend SHA1. Beyond
    that, we agree on what are the more important priorities...

    John

    On Monday, November 11, 2002, at 12:03 PM, Jeremy Epstein wrote:

    > At great personal risk, I'll jump in.
    >
    > For all practical purposes, it just doesn't matter whether you choose MD5 or
    > SHA-1 for hashing the passwords. Either one is far stronger than the rest
    > of almost any software system, and either one is far stronger (because
    > they're one-way hashes) than using 3DES in a standard mode (i.e., where it's
    > used to encrypt the passwords, and then the decryption key is kept lying
    > around somewhere). [If you're using 3DES in the mode suggested by Viega,
    > then I'd argue you can pick any of the three with roughly equivalent
    > results.] Remember, it only matters which one is stronger if the attacker
    > captures your password file... which indicates that something else was
    > already compromised.
    >
    > I don't believe in counting how many angels can dance on the head of a pin,
    > or which crypto algorithm is a better hash, unless I understand enough about
    > the rest of the application to be convinced that the crypto is truly the
    > weak link in the chain. And in the original posting, there was nowhere
    > near enough information to convince me that crypto is really the weak point.
    >
    > I worked for a couple years on a DARPA program where the manager liked to
    > use analogies to talk about our goals. One of his favorites was three
    > picket fences lined up one behind another (with different height pickets
    > within each fence), where each fence represents a security system. If you
    > have tall pickets, then it doesn't matter whether the other pickets lined up
    > are short or tall. And there's no point increasing the heights of the tall
    > pickets as long as there are short pickets nearby... the fence jumper just
    > jumps over the low pickets. [Obtrivia: some of you may have seen the
    > T-shirt I made with this and other metaphors. It's the one that says
    > "Defense Advanced Research PowerPoint Agency", and "Management by Analogy
    > for Over a Fiftieth of a Century". I have the artwork for anyone who's
    > interested.]
    >
    > Anyway, arguing about MD5 vs. SHA-1 vs. 3DES (in the proper mode) is raising
    > the height of the tallest picket around. The OS, applications, humans, etc.
    > are the low pickets.
    >
    > --Jeremy
    >