reakce na amatersky clanek o bezpecnosti Linuxu

[David Rohleder]

malik na education.gov.sk (Dusan Malik) writes:

> Stale sa tu obajavuje, ze salt su iba 2 znaky (niekto)
> dokonca tvrdil, ze videl 3. 
> 
> Nuz ja som sa docital, ze su to "obvykle" 2 znaky a 
> zrejme nic nebrani, aby ich bolo viac.  
> 
> Na URL http://nmrc.org/faqs/hackfaq/hackfaq-4.html
> som dokonca nasiel:
> 4.6 What is a "salt"? 
> 
> To increase the overhead in cracking passwords, some
> algorithms employ salts to add further complexity and
> difficulty to the
> cracking of passwords. These salts are typically 2 to 8
> bytes in length, and algorithmically introduced to further
> obfuscate the
> one-way hash. On the major operating system covered here,
> only NT does not use a salt. The specifics for salts for
> both Unix
> and Netware systems are covered in their individual password
> sections. 
> 
> Takze ako to je? 
> 

Sul se pouziva pro umele zvetseni slovniku pri slovnikovem
utoku. Kazdy system si samozrejme muze zvolit, kolik znaku soli
pouzije. Cim vice znaku, tim vetsi musi byt pak slovnik. Unixu zrejme
v drivejsich dobach stacily dva znaky soli, takze se to ujalo u temer
vsech odrud. 

Pokud nekdo pouziva jiny pocet nez jsou dva znaky soli, tak je ovsem
nekompatibilni s ostatnimi unixy v tom smyslu, ze nelze jednoduse
prekopirovat hashovane heslo a pouzivat na jinem systemu (coz normalne
jde: muzete vzit hashe ze solarisu a pouzivat je v *BSD nebo linuxu).


-- 
-------------------------------------------------------------------------
David Rohleder						davro na ics.muni.cz
Institute of Computer Science, Masaryk University
Brno, Czech Republic
-------------------------------------------------------------------------