Re: md5 again

On Tue, 11 Jul 2000, Tom Lane wrote:

> Vince Vielhaber <vev(at)michvhf(dot)com> writes:
> > Simple dictionary passwords. Run them thru a script and compare the
> > output.
>
> I was under the impression we'd prevented that by use of a random salt
> chosen on-the-fly for each login attempt ... have to go reread the
> thread to be sure though.

When I went back and reread the thread, it was PG sending the random
salt. The username, password and random salt were hashed and sent
back. Therefore the username and random salt have both been on the
wire in the clear.

> In any case, if your threat model is a dictionary attack, what's to
> stop the attacker from using a dictionary of likely usernames as well?
> I still don't see much security gain from hashing the username.

dictionary of likely usernames: tgl, vev, buzz, wood_tick, ... Now
that'd be a dictionary! If only the random salt were on the wire, the
attacker would need to guess both the username and the password.

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================