[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



On Wed, 8 Dec 1999, Craig R.P. Heath wrote:

> No, you're right, that was the weakness I was thinking of.  I do think
> that collisions are of significant concern in password algorithm
> though.  If I'm doing an exhaustive search against an encrypted
> password, and there are actually four possible strings which hash to
> that value, then on average I will find a password that works four
> times more quickly.  Having said that, I'm sure collisions are possible
> with the libcrypt algorithm too, and I don't have any information as to
> which is worse.  I only wished to point out that MD5 wasn't necessarily
> better.

NT's NTLMv2 challenge / response algorithm is an impressive use of
HMAC_MD5 that includes username, domainname, servername, 8-byte client
challenge, 8-byte server challenge, 8-byte client timestamp - all without
actually ever sending the cleartext-equivalent password hash itself
over-the-wire.

code exists in the samba source tree (http://samba.org/cvs.html and
http://samba.org/cgi-bin/cvsweb/samba/source)

luke (samba team)




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []