On Tue, 05 Nov 2002 13:01:28 PST, Craig Minton <CraigSecurity@blazemail.com> said: > Is SHA-1 any more suseptible to attack, brute-force or cr ypto-analytic, than > triple-DES? My 2nd edition copy of Applied Cryptography states that there is > no known crypto-analytic attack known for SHA-1, but that book is now several > years old. I'd not worry about crypto cracks against either one. If your system is so secure that the difference matters, you'd not be asking here(*) ;) Seriously - all the *OTHER* issues with passwords - people who use their dog's name, people who write them on post-it notes, help desks that can be social engineered into giving out the VP's password(**), protocols like telnet and FTP (and often POP) that send cleartext passwords - are a *MUCH* bigger threat than the crytographic difference in strength between 3DES and SHA-1. Something to do in *either* case is to see if you can support longer passphrases rather than an 8 or 16 byte password. Even a 16 byte password probably has only 40-50 bits of entropy, and it doesn't matter HOW much stronger the crypto is. I'm surprised you have "only" SHA-1 and 3DES. If you want to use MD5 instead, there's a perfectly suitable reference implementation in RFC1321, available at: http://www.rfc-editor.org/rfc/rfc1321.txt -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech (*) Yes, there are sites that are secure/paranoid enough that the difference matters. Their systems staff aren't allowed to ask stuff like this on public forums. ;) (**) Kevin Mitnick was the master of this attack. The usual method is to dumpster-dive or other means get an "important" name, and then call the help desk and say "I'm Joe Smith, the new VP of whatever - I'm at a client's site and can't get into the corporate net, can you reset my password so I can get the documents I need to close this very important deal?". Devastatingly effective.
This archive was generated by hypermail 2b30 : Sat Nov 09 2002 - 18:56:32 PST