Hi,

From: Greg Stein [mailto:gst...@gmail.com]
> On Mar 27, 2012 12:55 AM, "Daniel Shahaf" <d...@daniel.shahaf.name> wrote:
> >...
> > > On 27.03.2012 05:23, Greg Stein wrote:
> > > >...
> > > > While discussing this on IRC some, I did think of one case where you
> > > > want to know they got the correct master passphrase: when they are
> > > > updating a server's password. A mis-entry could completely garble the
> > > > stored/encrypted contents.
> >
> > Don't we have some other ways of addressing that use-case?  Such as, say,
> > encrypting a random string, and at decrypting compare the decrypted
> > text's sha1 to the value computed at encryption time?

> There ya go. I knew we could tease out a solution. That sounds good to me.
> So, for each password, we store two more 16-byte blocks of encrypted data,
> and a SHA1 hash (20 bytes). At decrypt time, we also decrypt those blocks,
> hash the 32 byte result, and compare against the hash.
> I would also suggest that we append those two blocks to the padded password,
> so they get the advantage of CBC, without needing to pick a second IV.

I know I'm supposed to shut up, but AFAICS, this design does not prevent the 
offline dictionary attacks mentioned by Greg Hudson.

It is solving the "known plaintext" problem of the simpler implementation, 
though.

Best regards

Markus Schaber
-- 
___________________________
We software Automation.

3S-Smart Software Solutions GmbH
Markus Schaber | Developer
Memminger Str. 151 | 87439 Kempten | Germany | Tel. +49-831-54031-0 | Fax 
+49-831-54031-50

Email: m.scha...@3s-software.com | Web: http://www.3s-software.com 
CoDeSys internet forum: http://forum.3s-software.com
Download CoDeSys sample projects: 
http://www.3s-software.com/index.shtml?sample_projects

Managing Directors: Dipl.Inf. Dieter Hess, Dipl.Inf. Manfred Werner | Trade 
register: Kempten HRB 6186 | Tax ID No.: DE 167014915 
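The scheme Greg sketches above (two random blocks appended to the padded password, CBC-encrypted together, with a SHA1 of the random bytes stored alongside as a "right passphrase?" check) and the verifier it yields, written out as an added example that is not code from this thread or from Subversion. Key derivation is an assumption: the thread names no KDF, so the example uses plain SHA-256 of the master passphrase; the IV and random bytes are caller-supplied so the example is deterministic.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)
// Record is the on-disk blob: IV || AES-CBC(pad(pw) || rnd32), Check = SHA1(rnd32).
type Record struct {
	IV, Ciphertext, Check []byte
}
// Seal appends two random blocks to the PKCS#7-padded password so they share the
// CBC chain and IV; iv (16 B) and rnd (32 B) are passed in for determinism. Key =
// SHA-256(passphrase) is an assumption made here (the thread names no KDF).
func Seal(passphrase, password string, iv, rnd []byte) Record {
	n := aes.BlockSize - len(password)%aes.BlockSize
	pt := append([]byte(password), bytes.Repeat([]byte{byte(n)}, n)...)
	pt = append(pt, rnd...)
	k := sha256.Sum256([]byte(passphrase))
	blk, _ := aes.NewCipher(k[:])
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, pt)
	h := sha1.Sum(rnd)
	return Record{iv, ct, h[:]}
}
// Open rejects a mistyped passphrase instead of returning garbage; it needs only
// the record, so the same test runs offline for anyone holding the file.
func Open(passphrase string, r Record) (string, error) {
	if len(r.Ciphertext) < 3*aes.BlockSize || len(r.Ciphertext)%aes.BlockSize != 0 {
		return "", errors.New("malformed record")
	}
	k := sha256.Sum256([]byte(passphrase))
	blk, _ := aes.NewCipher(k[:])
	pt := make([]byte, len(r.Ciphertext))
	cipher.NewCBCDecrypter(blk, r.IV).CryptBlocks(pt, r.Ciphertext)
	body, rnd := pt[:len(pt)-32], pt[len(pt)-32:]
	h := sha1.Sum(rnd)
	if subtle.ConstantTimeCompare(h[:], r.Check) != 1 {
		return "", errors.New("master passphrase check failed")
	}
	n := int(body[len(body)-1]) // body is at least one block, so n <= len(body)
	if n < 1 || n > aes.BlockSize {
		return "", errors.New("bad padding")
	}
	return string(body[:len(body)-n]), nil
}
```

Nothing in the check slows a guess: each candidate passphrase costs one SHA-256 and one CBC decryption, which is Markus's point, and a slow, salted KDF for the key would be the relevant mitigation rather than the check itself.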
