From: Pawel Jakub Dawidek
To: Chris Palmer
Cc: freebsd-security@freebsd.org
Date: Fri, 29 Jan 2010 00:55:35 +0100
Subject: Re: PHK's MD5 might not be slow enough anymore
Message-ID: <20100128235535.GA1808@garage.freebsd.pl>
In-Reply-To: <20100128182413.GI892@noncombatant.org>

On Thu, Jan 28, 2010 at 10:24:13AM -0800, Chris Palmer wrote:
> See your copy of /usr/src/lib/libcrypt/crypt-md5.c:
[...]
> This algorithm is still the default on FreeBSD 8. (Blowfish is available --
> but has it been tuned for slowness either? I have not checked.) The purpose
> of these functions is to be slow, but the above has not been slow for years.
> Hence this patch:
[...]

This is the wrong approach. It should be done using PKCS#5v2 just like
geli(8) does it. It even calculates the number of iterations so the operation
completes in a reasonable amount of time on your machine (e.g. 1 second).
It also uses HMAC/SHA512. On some recent CPUs (amd64) it should be possible
for 2^20 iterations to complete in a reasonable amount of time.

Even strong passwords have no more than five bits of entropy per character
(probably much less if it is something possible to remember), so to
brute-force one character you need 2^5 iterations, which means that a strong
eight-character password needs 2^40 iterations for full brute-force.
Adding 2^20 iterations of PKCS#5v2 makes it 2^60, which is not bad.

Of course if we assume that 2^20 of PKCS#5v2 takes one second, then it will
take ~34865 years to fully brute-force it on one machine. Although you can
safely assume that if you really have something to hide, an attacker will be
able to use 100.000 nodes botnet, which leaves you with only ~127 days to
change your password:)

Remember that this is the login password we are talking about, not a password
used for encryption, so all you want to protect it against is theft of
/etc/master.passwd.

All in all static passwords are for the weak, that's why we (Wheel Systems)
believe in easy to use one-time passwords:)

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
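The reply above proposes PKCS#5v2 (PBKDF2) with HMAC/SHA512 and an iteration count calibrated to the machine, then estimates exhaustive-search time from it. The following sketch is an added example, not part of the original message and not geli's or libcrypt's code; the function names and the `$`-separated record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, matching the figures in the message


def calibrate_iterations(target_seconds=1.0, probe=20_000):
    """Time a short PBKDF2-HMAC-SHA512 run and scale it to the target duration."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha512", b"calibration", os.urandom(16), probe)
    elapsed = max(time.perf_counter() - start, 1e-9)  # guard against a zero reading
    return max(probe, int(probe * target_seconds / elapsed))


def hash_password(password, iterations):
    """Store the iteration count and salt with the hash so the cost can be raised later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    # Constructed record layout for this example, not FreeBSD's crypt(3) format.
    return f"pbkdf2-sha512${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute the derived key with the stored parameters and compare."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2-sha512":
        return False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare


def exhaustive_search_years(bits_per_char, length, seconds_per_guess, machines=1):
    """Time to try every password of the given entropy at a fixed cost per guess."""
    guesses = 2 ** (bits_per_char * length)
    return guesses * seconds_per_guess / machines / SECONDS_PER_YEAR


if __name__ == "__main__":
    n = calibrate_iterations(target_seconds=1.0)
    record = hash_password("constructed sample password", n)
    print(n, verify_password("constructed sample password", record))
    print(round(exhaustive_search_years(5, 8, 1.0)))                 # years, one machine
    print(round(exhaustive_search_years(5, 8, 1.0, 100_000) * 365))  # days, 100,000 nodes
```

Because the iteration count is stored in each record, a later calibration on faster hardware can raise the cost for new hashes without invalidating existing ones.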