Date: Thu, 28 Jan 2010 13:54:10 -0500
From: Bill Moran
To: Chris Palmer
Cc: freebsd-security@freebsd.org
Subject: Re: PHK's MD5 might not be slow enough anymore
Message-Id: <20100128135410.7b6fe154.wmoran@collaborativefusion.com>

I'm sure someone will correct me if I'm wrong, but you can't do this
without establishing this as an entirely new algorithm. The hashes
generated after your patch will not be compatible with existing password
files, thus anyone who applies this will be unable to log in.

Have you tried it?

In response to Chris Palmer:

> See your copy of /usr/src/lib/libcrypt/crypt-md5.c:
>
>     /*
>      * and now, just to make sure things don't run too fast
>      * On a 60 Mhz Pentium this takes 34 msec, so you would
>      * need 30 seconds to build a 1000 entry dictionary...
>      */
>     for(i = 0; i < 1000; i++) {
>         MD5Init(&ctx1);
>         if(i & 1)
>             MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
>         else
>             MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
>
>         if(i % 3)
>             MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
>
>         if(i % 7)
>             MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
>
>         if(i & 1)
>             MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
>         else
>             MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
>         MD5Final(final, &ctx1);
>     }
>
> This algorithm is still the default on FreeBSD 8. (Blowfish is available --
> but has it been tuned for slowness either? I have not checked.)
> The purpose of these functions is to be slow, but the above has not been slow for years.
> Hence this patch:
> > > --- crypt.h.orig 2010-01-28 10:14:50.000000000 -0800 > +++ crypt.h 2010-01-28 10:17:49.000000000 -0800 > @@ -32,6 +32,9 @@ > #define MD4_SIZE 16 > #define MD5_SIZE 16 > > +/* As processors get faster, increase this. 1000 was good on a Pentium 60. */ > +#define MD5_SLOW 100000 > + > char *crypt_des(const char *pw, const char *salt); > char *crypt_md5(const char *pw, const char *salt); > char *crypt_nthash(const char *pw, const char *salt); > > > --- crypt-md5.c.orig 2010-01-28 10:18:03.000000000 -0800 > +++ crypt-md5.c 2010-01-28 10:19:00.000000000 -0800 
> @@ -107,10 +107,10 @@ > > /* > * and now, just to make sure things don't run too fast > - * On a 60 Mhz Pentium this takes 34 msec, so you would > + * On a 60 Mhz Pentium MD5_SLOW = 1000 takes 34 msec, so you would > * need 30 seconds to build a 1000 entry dictionary... > */ > - for(i = 0; i < 1000; i++) { > + for(i = 0; i < MD5_SLOW; i++) { > MD5Init(&ctx1); > if(i & 1) > MD5Update(&ctx1, (const u_char *)pw, strlen(pw));

--
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/
wmoran@collaborativefusion.com
Phone: 412-422-3463x4023
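
Review bot: In the crypt.h hunk, MD5_SLOW is a compile-time constant that the crypt-md5.c hunk uses directly as the bound of the loop producing `final`, and nothing in the patch records the count in the stored hash. A hash created with 1000 iterations therefore stops verifying on a build with `#define MD5_SLOW 100000`, and a hash created on a patched build fails on every unpatched one. Suggest leaving the existing scheme at 1000 and introducing the higher count under a new algorithm identifier whose stored string carries the count.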
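
Review bot: The rewritten comment in the crypt-md5.c hunk still documents only the Pentium 60 timing for 1000 iterations, while the loop now runs MD5_SLOW (100000) times; add the measured per-hash time for the new value and the hardware it was measured on, so the next increase has a baseline. In the same loop `strlen(pw)` is re-evaluated on every pass, which is now 100 times as many calls; computing the length once before the loop would be cleaner.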
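
The compatibility concern raised in the reply above, as an added example that is not part of the original message or of FreeBSD's code: a Python port of the crypt-md5 computation with the loop bound exposed as a parameter, showing that an entry hashed with 1000 iterations no longer verifies once the constant is 100000. The `$x-md5r$N$` prefix, the password and the salt are assumptions made up for the illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5crypt_digest(pw: bytes, salt: bytes, rounds: int) -> str:
    """crypt-md5 digest with the stretching-loop bound exposed as `rounds`."""
    md5 = lambda data: hashlib.md5(data).digest()
    final = md5(pw + salt + pw)
    buf = pw + b"$1$" + salt + (final * (len(pw) // 16 + 1))[:len(pw)]
    n = len(pw)
    while n:
        buf += b"\0" if n & 1 else pw[:1]
        n >>= 1
    final = md5(buf)
    for i in range(rounds):  # the loop quoted in the thread
        buf = pw if i & 1 else final
        if i % 3:
            buf += salt
        if i % 7:
            buf += pw
        buf += final if i & 1 else pw
        final = md5(buf)
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = (final[a] << 16) | (final[b] << 8) | final[c]
        out += "".join(ITOA64[(v >> s) & 0x3F] for s in (0, 6, 12, 18))
    return out + ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]

def verify(pw: bytes, stored: str, compiled_rounds: int) -> bool:
    """Check pw against a stored entry; compiled_rounds plays the role of MD5_SLOW."""
    fields = stored.split("$")[1:]
    if fields[0] == "1":         # "$1$salt$digest": no count stored in the entry
        rounds, (salt, digest) = compiled_rounds, fields[1:]
    elif fields[0] == "x-md5r":  # HYPOTHETICAL "$x-md5r$N$salt$digest": count stored
        rounds, (salt, digest) = int(fields[1]), fields[2:]
    else:
        return False
    return hmac.compare_digest(md5crypt_digest(pw, salt.encode(), rounds), digest)

# Constructed sample entries (password and salt are made up for this example).
PW, SALT = b"correct horse", b"saltsalt"
OLD_ENTRY = "$1$saltsalt$" + md5crypt_digest(PW, SALT, 1000)
NEW_ENTRY = "$x-md5r$100000$saltsalt$" + md5crypt_digest(PW, SALT, 100000)

if __name__ == "__main__":
    print("old entry, unpatched build:", verify(PW, OLD_ENTRY, 1000))
    print("old entry, patched build:  ", verify(PW, OLD_ENTRY, 100000))
    print("tagged entry, any build:   ", verify(PW, NEW_ENTRY, 1000))
```

An entry that stores its own count verifies regardless of the constant compiled into the library, which is what lets the cost be raised for new passwords without invalidating existing ones.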