Re: thinking about AES, VIA and the bad guys
rembrandt wrote:
> And what will happen if he rewrites 'john' a little bit to play with oBSD
> and the AES-Engine?
1. If your attacker has master.passwd, then she has root and you are
already screwed.
2. If your users can't choose sane passwords, then nothing will
help you.
3. You can make the password hashing more computationally expensive
(this was a design criterion). See "localcipher" in login.conf.
This control is logarithmic: each increment doubles the number of
rounds used (i.e. "10" is four times more work than "8").
-d
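
An added example, not part of the original message: because the cost is stored in each hash, raising "localcipher" only affects passwords set afterwards, so this sketch reads the configured rounds and flags accounts whose stored hash still uses fewer. It assumes bcrypt hash strings of the form `$2a$NN$...` and a `localcipher=blowfish,N` capability; the function names and all sample data are constructed for illustration.

```python
import re

# bcrypt hash layout: $2<variant>$<2-digit log2 cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")

def localcipher_rounds(login_conf_text, default=None):
    """Return the log2 rounds from a 'localcipher=blowfish,N' capability."""
    m = re.search(r":localcipher=blowfish,(\d+):", login_conf_text)
    return int(m.group(1)) if m else default

def relative_work(old_cost, new_cost):
    """Work ratio between two logarithmic cost settings (each step doubles)."""
    return 2.0 ** (new_cost - old_cost)

def audit(master_passwd_text, wanted_cost):
    """List (user, cost, shortfall factor) for hashes below wanted_cost."""
    findings = []
    for line in master_passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        m = BCRYPT_RE.match(fields[1])
        if m is None:
            continue  # locked account ('*') or a non-bcrypt hash
        cost = int(m.group(1))
        if cost < wanted_cost:
            findings.append((fields[0], cost, relative_work(cost, wanted_cost)))
    return findings

# Constructed sample input: placeholder salt/digest characters, not real hashes.
FAKE = "A" * 53
SAMPLE_LOGIN_CONF = "default:\\\n\t:localcipher=blowfish,10:\\\n\t:tc=auth-defaults:\n"
SAMPLE_MASTER_PASSWD = "\n".join([
    "root:$2a$10$" + FAKE + ":0:0:daemon:0:0:Charlie &:/root:/bin/ksh",
    "alice:$2a$08$" + FAKE + ":1000:1000::0:0:Alice:/home/alice:/bin/ksh",
    "bob:$2a$06$" + FAKE + ":1001:1001::0:0:Bob:/home/bob:/bin/ksh",
    "daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin",
])

if __name__ == "__main__":
    want = localcipher_rounds(SAMPLE_LOGIN_CONF)
    for user, cost, factor in audit(SAMPLE_MASTER_PASSWD, want):
        print(f"{user}: cost {cost}, {factor:.0f}x less work per guess than cost {want}")
```
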