Friday, July 10, 2009

Md5sum

The purpose of a hash is ideally to create a number from an input that
cannot be reversed and cannot be forged. (Reversed means an attacker with
the hash output can "go backwards" and get the input.) (Forged means an
attacker with the output can make up another made up pass phrase which
generated the same hash.) Of course, asking just for the hash is not good,
because someone not knowing the passphrase could easily just send the same
hash along.

Most of these problems (except reversing) can be fixed by adding a
negotiated preamble (i.e. a random number) to the passphrase before hashing.
But this only works if the server is separate from the user and knows the
passphrase. (For a local file on a local machine, this is an
impossibility.)

MD5 has been broken, in that it is now known how to generate an input which
will cause a certain hashed output.

It just depends on how hard you want to make it. Every system has a
weakness. A very tech savvy person could reverse engineer your program,
find out your encryption, remake a new hash from a new password and drop it
into your file, effectively changing the password without ever knowing what
your old password was.

You need to decide what your threat model is. The dilemma that you will
always come back to is this: If the computer is not secure then the
password is not secure. If the computer is secure, then what are you
worried about?

So if the only thing you are trying to do is keep it from exceptionally
amateur hack attempts, then a simple file encoding would work (maybe a
simple XOR bit mask on every byte).

If you don't want to compromise the user's password to slightly more advanced
attacks (since you know people are using the same password for everything),
then using a hash is a good idea. And in this model MD5 or SHA-256 would be
fine. I prefer SHA-256 because it feels 1337er to me. Same reason I use
Serpent instead of Rijndael.

Just remember that there is always a way around security. Even the
infallible Compusec HSM (http://www.ce-infosys.com.sg/CeiProducts_HSM.asp)
can be easily taken over with a simple hardware keylogger, fingerprint
forgery and simple mugging (for the smart card) or just walk in while the
person is going pee.
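The "negotiated preamble" idea from the post above, as an added example that is not part of the original thread: the server issues a fresh random number (nonce) per login, the client proves knowledge of the passphrase against that nonce, and a response captured once cannot be replayed in a later session. It uses HMAC-SHA256 keyed with the passphrase rather than plain sha256(nonce + passphrase) (my choice, not the post's); the user name and passphrase are constructed demo values.

```python
import hashlib
import hmac
import secrets

# Constructed demo data. As the post notes, this scheme only works when the
# verifying side actually knows the passphrase (it cannot protect a local file).
SERVER_SECRETS = {"alice": b"correct horse battery staple"}


def issue_challenge() -> bytes:
    """Server side: a fresh random preamble (nonce) for one login attempt."""
    return secrets.token_bytes(16)


def client_response(passphrase: bytes, nonce: bytes) -> bytes:
    """Client side: bind the proof to this particular nonce (HMAC-SHA256)."""
    return hmac.new(passphrase, nonce, hashlib.sha256).digest()


def server_verify(user: str, nonce: bytes, response: bytes) -> bool:
    """Server side: recompute from the stored passphrase, compare in constant time."""
    passphrase = SERVER_SECRETS.get(user)
    if passphrase is None:
        return False
    expected = hmac.new(passphrase, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def replay_static_hash_succeeds() -> bool:
    """The weak scheme the post warns about: the client just sends sha256(passphrase).
    A value seen once on the wire verifies again next time, so replay works."""
    stored = hashlib.sha256(SERVER_SECRETS["alice"]).digest()
    captured = hashlib.sha256(b"correct horse battery staple").digest()  # sniffed earlier
    return hmac.compare_digest(stored, captured)  # True: nothing ties it to one session


def replay_with_nonce_fails() -> bool:
    """With a negotiated nonce, a response captured in session 1 is rejected in session 2."""
    nonce1 = issue_challenge()
    captured = client_response(SERVER_SECRETS["alice"], nonce1)
    assert server_verify("alice", nonce1, captured)  # the genuine login succeeds
    nonce2 = issue_challenge()
    return not server_verify("alice", nonce2, captured)  # the replayed proof is rejected


if __name__ == "__main__":
    print("static hash replays:", replay_static_hash_succeeds())
    print("nonce-bound replay rejected:", replay_with_nonce_fails())
```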


Is this some hip young dude speak? What is 1337er?


A technique was always "known": Brute force.

But I guess what you're referring to is some mathematical flaw in the
MD5 algorithm being discovered. I had read an article on that too, but from
my recollection, the weakness was rather theoretical and had little
practical impact. E.g. instead of using pure brute force and expecting to
crack the password in 20 billion years, you could use the weakness they
discovered and crack the password in 10 billion years. (Those were just
numbers off the top of my head, but they illustrate what I meant by 'little
practical impact').

In other words, if you're just doing amateur level security for local
programs, don't worry too much about "MD5 being broken" yet. As Luc alluded
to, susceptibility to reverse engineering is probably a far bigger risk for
you at this point.
