
List:       secprog
Subject:    Re: Preventing Dictionary Attacks
From:       Bronek Kozicki <brok () RUBIKON ! PL>
Date:       2001-04-27 14:23:14

> * Adrian Ho <lexfiend@usa.net> [010409 16:51]:
> > On Fri, 6 Apr 2001, Wall, Kevin wrote:
> >
> > > I almost certainly am forgetting some safeguards useful in mitigating
> > > dictionary attacks, but I'm sure others on this list will remind me.
> > > ;-)
> >
> > One-time passwords?
>
> Of course, I bet I could design a one-time password system that doesn't
> use iterated hashes but it would probably still be vulnerable to one of
> dictionary or iterated off-line attacks.

Hi

Take a pre-shared secret N, 128 bits (or longer). Take a pre-shared number n,
somewhere between 2 and 1000 (or even more). Calculate MD5 n times from N;
let's call it Nn = MD5(n)(N). Authenticate with Nn against a server which
knows N and n. Decrease n by one - or by another number agreed with the server
in a secured transaction. With this algorithm you may use the same pre-shared
secret at most (n - 1) times. Of course, how big n can be strongly depends on
the implementation of MD5 you are using. Fortunately, you may pre-calculate
the passwords before authentication.

This algorithm is - of course - not my idea, but it does not use iterated
hashes. For this reason it would be secure against many kinds of attacks.
Its weak points are obvious: time to calculate MD5 (or space to keep the
pre-calculated passwords) and the necessity to keep more than one secret datum.

Regards

B.
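The scheme in the post above, written out as a runnable example. This is added illustration code, not code from the poster or the list: both sides hold the pre-shared secret N and the counter n exactly as the post describes, the client pre-calculates the whole chain MD5^i(N) up front, and the server recomputes MD5^n(N) for its current n on every login. The secret value and the chain length n=5 are constructed for the demo; MD5 is used only because the post specifies it, a deployment today would pick a current hash. The demo checks the two properties a reviewer cares about: a captured password is rejected on replay because both counters have already moved down, and the chain yields exactly n - 1 logins before a fresh secret is needed.

```python
import hashlib
import hmac


def iterated_md5(secret: bytes, count: int) -> bytes:
    """Return MD5 applied `count` times to `secret`, i.e. the post's MD5(n)(N)."""
    value = secret
    for _ in range(count):
        value = hashlib.md5(value).digest()
    return value


def precompute_chain(secret: bytes, n: int) -> list:
    """Build table[i] = MD5^i(N) for i = 0..n in one pass of n hashes.

    This is the post's "pre-calculate passwords before authentication":
    the client trades n digests of storage for no hashing at login time.
    """
    table = [secret]
    for _ in range(n):
        table.append(hashlib.md5(table[-1]).digest())
    return table


class Client:
    """Holds N and n, presents MD5^n(N), then decreases n by one."""

    def __init__(self, secret: bytes, n: int):
        if n < 2:
            raise ValueError("n must be at least 2 to allow one login")
        self.n = n
        self.table = precompute_chain(secret, n)

    def next_password(self) -> bytes:
        # The chain is usable while n >= 2; at n == 1 the next value would
        # be MD5(N) itself, and the post stops at n - 1 logins.
        if self.n < 2:
            raise RuntimeError("chain exhausted; a new secret must be shared")
        password = self.table[self.n]
        self.n -= 1
        return password


class Server:
    """Knows N and n (as in the post) and recomputes the expected value."""

    def __init__(self, secret: bytes, n: int):
        self.secret = secret
        self.n = n

    def authenticate(self, presented: bytes) -> bool:
        if self.n < 2:
            return False
        expected = iterated_md5(self.secret, self.n)
        # Constant-time comparison so a wrong guess leaks no timing signal.
        if not hmac.compare_digest(expected, presented):
            return False
        # Only a successful login moves the counter; a failed attempt
        # must not let an attacker walk the server's n down.
        self.n -= 1
        return True


def run_demo(secret: bytes = b"constructed-demo-secret-not-for-real-use", n: int = 5) -> dict:
    """Drive one client/server pair through the whole chain and report what happened."""
    client = Client(secret, n)
    server = Server(secret, n)

    first = client.next_password()
    results = {
        "first_login": server.authenticate(first),
        # Replaying the sniffed value fails: the server now expects MD5^(n-1)(N),
        # and MD5 cannot be run backwards to derive it from MD5^n(N).
        "replay_rejected": not server.authenticate(first),
    }

    further_logins = 0
    try:
        while True:
            if not server.authenticate(client.next_password()):
                raise RuntimeError("server rejected a genuine password")
            further_logins += 1
    except RuntimeError as exc:
        results["stop_reason"] = str(exc)

    results["total_logins"] = 1 + further_logins  # expected: n - 1
    return results


if __name__ == "__main__":
    print(run_demo())
```

The constant-time comparison and the "decrement only on success" rule are the two details the post leaves implicit; without the second, a failed attempt would still advance the server's counter and desynchronise it from the client.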
