Menu
▾
▴
Re: [Firebird-devel] crypt plugins
|
From: Mark O'D. <mar...@fi...> - 2004-09-24 05:26:53
|
Hi Alex / Jim all. Alex Peshkov wrote: > Jim Starkey wrote: > >> >> The SHA hashes are considered by security >> experts to be secure. Both SHA-1 and MD5 are still considered secure. > > May be - I trusted information reported by someone (Mark ? Sorry, don't > remember exactly) in fb* lists, that current hashes are not enough > strong for brutforce. I didn't try myself. > The DES hash currently used in firebird (single DES8, not to be confused with tripple-DES) is pretty easily breakable. Using special hardware: 1998 $200,000 4.5days. http://www.schneier.com/crypto-gram-9808.html#descracker 2001 : $1,000 25.4hours http://ece.gmu.edu/crypto/ches02/talks_files/Bond.pdf A few years ago, someone else had a farm of 100MHz SUN workstations, (10 or so) and it took a week. Nowadays, nobody reports it anymore since it's pretty easy. >> >>> >>>> Trying to hide the hash is completely pointless. >>> No it's not - although that was the thinking in the 70's - and is why shadow password files were introduced to unix in the 80's. If you can get a list of encrypted passwords (say security.fdb) you can take them off to your own datacenter, then point your own cray cluster at them, to blaze away. That's less secure than having to politely try and logon to the system you are trying to break into, to test each combination, where hopefully after three login attempts you get either a delay or locked out. > >> >>> >>>> Hiding it in an ineffective manner is less than pointless. Communications will the client, over the net, should be done over ssl. It's usual to send a password to the server, over ssl, but so the server can read the raw password. Hiding the users password in security.fdb so it is not visible to users other than sysdba is effective. >> >> >> Yes, it is pointless. You can't block embedded access if the file >> can be read. All you can do is make it moderately inconvenient. >> Don't confuse "inconvenient" with "secure". > Classic/embeded has no security, other than you trust implictly the client. But that is also often acceptable, for instance when your "client" is actually a server (say an application server) itself. Cheers Mark |
