Secure Drive insecure? NOT
[email protected] "Roger Bryner" wrote:
>Again, the only way that MD5 can keep the entropy of a string is for
>every single 128 bit string to map itself onto a unique 128 bit string,
>for if two 128 bit strings produce the same output, then you lose entropy.
>
>The question is, when md5 is restricted to 128 bit values, does it lose
>entropy, and if so how much? As much as a random mapping? If so, the
>1024 bit iteration in secure drive HARMS security.
BZZZT! Read the code...
    MD5Init(&md5buf);
    MD5Update(&md5buf,pass1,strlen(pass1));
    MD5Final(key,&md5buf);
    for(k=0;k<PASS_ITER;k++) {
        MD5Init(&md5buf);
        MD5Update(&md5buf,key,16);                          | Hmmm?!?
        MD5Update(&md5buf,pass1,strlen(pass1)); <----------| I wonder what
        MD5Final(key,&md5buf);                              | that line does?
    }
Notice that the passphrase is included in each of the hashings.
How can MD5(passphrase+16-byte hash) have lower entropy than
MD5(passphrase)? The iteration just makes it slower to crack
passphrases. Version 1.0, which used a single MD5, could be attacked
at the rate of 1000 per second on a PC.
--- Mike
1994: Wiretapping is privacy
Secrecy is openness
Obscurity is security
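
An added example, not part of the original post and not Secure Drive's code: it mirrors the quoted loop in Python and counts how many distinct keys survive each round when the passphrase is mixed back in, compared with a bare MD5(key) iteration. The helper names, the 12-bit truncation (used only to make collisions countable), the sample passphrases and the round count are all assumptions made for the experiment.

```python
import hashlib

def h(data: bytes, bits: int = 128) -> bytes:
    """MD5 truncated to `bits` bits (128 = full MD5). Truncation is for the experiment only."""
    value = int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)
    return value.to_bytes(16, "big")

def stretch(passphrase: bytes, iters: int, bits: int = 128, mix_pass: bool = True) -> bytes:
    """Mirror of the quoted loop: key = MD5(key || passphrase), repeated `iters` times.
    mix_pass=False gives the hypothetical variant key = MD5(key)."""
    key = h(passphrase, bits)
    for _ in range(iters):
        key = h(key + (passphrase if mix_pass else b""), bits)
    return key

def distinct_keys(passphrases, iters, bits, mix_pass):
    """Number of distinct derived keys after each round, for rounds 0..iters."""
    keys = {p: h(p, bits) for p in passphrases}
    counts = [len(set(keys.values()))]
    for _ in range(iters):
        keys = {p: h(k + (p if mix_pass else b""), bits) for p, k in keys.items()}
        counts.append(len(set(keys.values())))
    return counts

# Constructed sample input: 4096 made-up passphrases, keys truncated to 12 bits
# so that collisions happen often enough to count.
PASSPHRASES = [b"passphrase-%d" % i for i in range(4096)]
ROUNDS = 64  # assumption chosen for the experiment, not Secure Drive's PASS_ITER

if __name__ == "__main__":
    bare = distinct_keys(PASSPHRASES, ROUNDS, 12, mix_pass=False)
    mixed = distinct_keys(PASSPHRASES, ROUNDS, 12, mix_pass=True)
    for r in (0, 1, 8, 64):
        print(f"round {r:2d}: MD5(key) -> {bare[r]:4d} keys, "
              f"MD5(key||pass) -> {mixed[r]:4d} keys")
```

With the bare iteration, two passphrases that collide once stay merged for every later round, so the key count only shrinks; with the passphrase mixed in, merged passphrases separate again on the next round and the count stays near the single-hash level.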