[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [R7-0035] VxWorks Authentication Library Weak Password Hashing

To: HD Moore <HD_Moore@xxxxxxxxxx>
Subject: Re: [R7-0035] VxWorks Authentication Library Weak Password Hashing
From: Solar Designer <solar@xxxxxxxxxxxx>
Date: Tue, 3 Aug 2010 19:55:41 +0400

On Mon, Aug 02, 2010 at 11:55:05PM -0400, HD Moore wrote:
> -- Vendor Response:
> Wind River Systems has notified their customers of the issue and
> suggested that each downstream vendor replace the existing hash
> implementation with SHA512 or SHA256.

Like, without salting and stretching/strengthening?  That's not the best
suggestion.  I try to explain this without going into too much detail here:

http://www.openwall.com/articles/PHP-Users-Passwords#salting

At this time, vendors should implement either bcrypt (Blowfish-based):

http://www.openwall.com/crypt/

or SHA-crypt (usually the kind of it based on SHA-512, because that
makes better use of 64-bit CPUs):

http://www.akkadia.org/drepper/sha-crypt.html

There's almost no security difference between these two.  Both should
be replaced with something even better eventually - along the lines of
scrypt (adding more parallelism and configurable memory cost) - but
we're not ready for that yet (no peer-reviewed and agreed upon
implementation to recommend to vendors, even though some ideas in this
area have been floating around since 1990s).

Alexander

References:
- [R7-0035] VxWorks Authentication Library Weak Password Hashing
  - From: HD Moore

Prev by Date: [DCA-0009] - NetWordDLS Finger Server Denial of Service
Next by Date: [SECURITY] [DSA 2085-1] New lftp packages fix file overwrite vulnerability
Previous by thread: [R7-0035] VxWorks Authentication Library Weak Password Hashing
Next by thread: [DCA-0003] Simple Web Server DoS
Index(es):
- Date
- Thread