UNIX passwords User password serves as key to encrypt known plaintext(64 bit zeroes) Encryption -modification of dEs, iterated 25 times 12 bit salt added -total 64+12=76 bits Salt taken from system clock, [a-zA-z0-9 / Alters expansion function of DES char*crypt(const char * key, const char*salt 復大软件学院
16 UNIX passwords • User password serves as key to encrypt known plaintext (64 bit zeroes) • Encryption - modification of DES, iterated 25 times • 12 bit salt added - total 64 + 12 = 76 bits – Salt taken from system clock, [a-zA-Z0-9./] – Alters expansion function of DES – char *crypt(const char *key, const char *salt);
Salt(使用加密技术生成的随机数) ◆ Unix password line walt: FURfuu4.4hYOU: 129: 129: Belgers: /home/walt: /bin/csh Compare Salt input Key Constant Ciphertext 25X DES Plaintext When password is set, salt is chosen randomly 18
18 Salt(使用加密技术生成的随机数) Unix password line walt:fURfuu4.4hY0U:129:129:Belgers:/home/walt:/bin/csh 25x DES Input Salt Key Constant Plaintext Ciphertext Compare When password is set, salt is chosen randomly
Advantages of salt Without salt Same hash functions on all machines Compute hash of all common strings once Compare hash file with all known password files With salt One password hashed 2 12 different ways Precompute hash file? Need much larger file to cover all common strings Dictionary attack on known password file For each salt found in file, try all common strings NoW, SHa1 is recommended 19 復大软件学院
19 Advantages of salt • Without salt – Same hash functions on all machines • Compute hash of all common strings once • Compare hash file with all known password files • With salt – One password hashed 212 different ways • Precompute hash file? – Need much larger file to cover all common strings • Dictionary attack on known password file – For each salt found in file, try all common strings • Now, SHA1 is recommended