Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: John Viega (viega_at_securesoftware.com)
Date: Mon Nov 11 2002 - 11:28:40 CST
I don't disagree that the crypto algorithm is the weakest link in the
chain. Nonetheless, you have to realize that if you make a few good
decisions, it might end up being the weakest link. For example,
offline password guessing attacks can be thwarted by increasing the
cost to compute with a trick along the lines of the one I mentioned
previously. Therefore, why use an algorithm that is probably broken?
I think at this point in time, it's almost as irresponsible to
recommend MD5 for a new application as it is to recommend SHA1. Beyond
that, we agree on what are the more important priorities...
On Monday, November 11, 2002, at 12:03 PM, Jeremy Epstein wrote:
> At great personal risk, I'll jump in.
> For all practical purposes, it just doesn't matter whether you choose
> MD5 or
> SHA-1 for hashing the passwords. Either one is far stronger than the
> of almost any software system, and either one is far stronger (because
> they're one-way hashes) than using 3DES in a standard mode (i.e, where
> used to encrypt the passwords, and then the decryption key is kept
> around somewhere). [If you're using 3DES in the mode suggested by
> then I'd argue you can pick any of the three with roughly equivalent
> results.] Remember, it only matters which one is stronger if the
> captures your password file... which indicates that something else was
> already compromised.
> I don't believe in counting how many angels can dance on the head of a
> or which crypto algorithm is a better hash, unless I understand enough
> the rest of the application to be convinced that the crypto is truly
> weak link in the chain. And in the original posting, there was no
> near enough information to convince me that crypto is really the weak
> I worked for a couple years on a DARPA program where the manager liked
> use analogies to talk about our goals. One of his favorites was three
> picket fences lined up one behind another (with different height
> within each fence), where each fence represents a security system. If
> have tall pickets, then it doesn't matter whether the other pickets
> lined up
> are short or tall. And there's no point increasing the heights of the
> pickets as long as there are short pickets nearby... the fence jumper
> jumps over the low pickets. [Obtrivia: some of you may have seen the
> T-shirt I made with this and other metaphors. It's the one that says
> "Defense Advanced Research PowerPoint Agency", and "Management by
> for Over a Fiftieth of a Century". I have the artwork for anyone who's
> Anyway, arguing about MD5 vs. SHA-1 vs. 3DES (in the proper mode) is
> the height of the tallest picket around. The OS, applications,
> humans, etc.
> are the low pickets.