Date: Fri, 29 Jan 2010 00:53:30 +0000
From: RW
To: freebsd-security@freebsd.org
Subject: Re: PHK's MD5 might not be slow enough anymore
Message-ID: <20100129005330.1694c20f@gumby.homeunix.com>
In-Reply-To: <9d972bed1001281453k3ae9753r6aee18ba4c3c120a@mail.gmail.com>

On Thu, 28 Jan 2010 17:53:30 -0500
Roger wrote:

> >
> > The point of slowing down the algorithm is to protect against
> > off-line attack where an attacker has gained access to a copy of
> > master.passwd.
>
> When you say "off-line attack" do you refer to the attacker running a
> brute force attack on his/her machine?

Yes

> I'm assuming that by using a slow algorithm the attacker is forced to
> use the same slow algorithm to check the passwords?

Hopefully

> > Any hashing has to be done when the password is set, so it's fixed
> > thereafter.
>

The thread is about password hashing, which is not a mechanism to
slow down and back off login attempts.
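
Added example, not part of the original message or of FreeBSD's crypt(3): it illustrates the two points made above, that the hash cost is fixed when the password is set and that anyone checking a guess against the stored record has to pay that same cost. It uses PBKDF2-HMAC-SHA256 from Python's standard library instead of PHK's MD5 scheme; the `$ex-pbkdf2$` record format, the function names and the sample password are made up for the illustration.

```python
import hashlib
import hmac
import os

SCHEME = "ex-pbkdf2"  # made-up label for this example, not a real crypt(3) id


def hash_password(password, iterations, salt=None):
    """Hash at set time; the iteration count is written into the record."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$%s$%d$%s$%s" % (SCHEME, iterations, salt.hex(), dk.hex())


def parse(stored):
    """Split a record into (iterations, salt, digest); reject other schemes."""
    empty, scheme, iters, salt_hex, dk_hex = stored.split("$")
    if empty or scheme != SCHEME:
        raise ValueError("unsupported record")
    return int(iters), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify(password, stored):
    """Recompute with the *stored* cost: login and an offline guesser both
    pay exactly this many iterations per candidate password."""
    iters, salt, expected = parse(stored)
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return hmac.compare_digest(got, expected)


def needs_rehash(stored, policy_iterations):
    """True when the record was created under a weaker cost than today's."""
    return parse(stored)[0] < policy_iterations


def login(password, stored, policy_iterations):
    """Return (ok, record). The cost can only be raised at a moment when the
    plaintext is available, i.e. after a successful verification."""
    if not verify(password, stored):
        return False, stored
    if needs_rehash(stored, policy_iterations):
        stored = hash_password(password, policy_iterations)
    return True, stored


if __name__ == "__main__":
    old = hash_password("constructed-sample-password", 1000)
    new = login("constructed-sample-password", old, 200000)[1]
    print(old.split("$")[2], "->", new.split("$")[2])
```

Records for accounts that never log in again keep their original iteration count, which is why raising the system default does not by itself strengthen an existing password file.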