[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: EPS support in future pam_unix replacement

> > 
> > Let me also suggest something: stop using non-iterated SHA-1 hashes
> > before they're used any wider.  Use a modern iterated hash intended
> > for passwords instead.  It would be best to use crypt(3) available on
> > the system, and let the administrator choose the hashing method (with
> > a prefix/count pair).
> Why?  The combination of SHA1 and modexp used in EPS seems to give a
> pretty good level of security.

SHA1 alone is probably secure enough as a cryptographic hash.  It's not
the point I was making.

> If it makes you feel any better, the
> hash can be iterated if an optional count is specified.

Yes, it does make me feel better: my users need to memorize secrets
that are ~16 bits smaller.

I suggest that you also drop SHA1 and use one of the hashes already
provided by the system via crypt(3), as these hashes will change to
meet the properties we will want from them in the future (I already
have some concerns on bcrypt).

> > With the SHA-1 hashes, I'd rather avoid using SRP/EPS on my systems.
> I don't understand this comment - the EPS hashes work pretty well on my
> systems, and SRP solves a bunch of network security problems once EPS
> passwords are set.

_Network_ protocol security problems, yes, but with your current
implementation, this is done at the expense of the ease of recovering
from a successful break-in.  This is what I don't like.

Please, CC me on your pam-list replies, or let's move to private mail
as this isn't really a PAM topic.

Solar Designer

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []