On octidi 18 pluviôse, year CCXXV, Teemu Likonen wrote:
> I'm not expert in this area but from what I have read I'm quite sure
> that 3DES is still very much safe. There are no known practical attack
> methods and it's still used for serious encryption.

I think you are mistaken. As a block cipher, even if there are no attacks against 3DES itself, it is considered unsafe like all block ciphers with 64-bit blocks due to birthday attacks.

But that is not what we are talking about here. The 3DES-derived crypt() implementation is bad for today's passwords for (at least) two reasons.

The first one is quite obvious: it only takes into account the first eight characters of the password. Try this:

    perl -e 'for (1, 2) { print crypt("abcdefgh$_", "XY"), "\n" }'

You will get the same output for abcdefgh1 and abcdefgh2.

The second reason is that it is way too fast: it makes off-line brute-force practical for passwords that are just a little too short.

More modern crypt() implementations not only use the slower SHA-2 hashes, but they perform several thousand rounds of it. The default nowadays seems to be SHA-512 with 5000 rounds, allowing less than 400 runs per second on a 3.5 GHz Core i7. The required time is directly proportional to the number of rounds.

Regards,

-- 
Nicolas George
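An added example, not part of the original message: a small Python audit of shadow-format hash fields that flags the traditional 13-character DES crypt() format and SHA-crypt entries below a chosen round count. The sample lines and hash bodies are constructed dummies, and the function names and the `min_rounds` threshold are assumptions of this example.

```python
import re

# Constructed sample in /etc/shadow layout; hash bodies are dummies, not real hashes.
SAMPLE_SHADOW = """\
alice:XYabcdefghijk:17200:0:99999:7:::
bob:$6$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:17200:0:99999:7:::
carol:$6$rounds=100000$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:17200:0:99999:7:::
erin:!:17200:0:99999:7:::
"""

# Traditional DES crypt(): 2 salt characters + 11 hash characters.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# SHA-crypt: $5$ (SHA-256) or $6$ (SHA-512), optional "rounds=N$", then salt.
SHA_RE = re.compile(r"^\$(5|6)\$(?:rounds=(\d+)\$)?[^$]*\$")
SHA_DEFAULT_ROUNDS = 5000  # used by SHA-crypt when no rounds= field is present


def classify(hash_field, min_rounds=SHA_DEFAULT_ROUNDS):
    """Return (scheme, rounds, weak) for one shadow hash field."""
    h = hash_field.lstrip("!")  # a leading "!" marks a locked password
    if h in ("", "*"):
        return ("none", None, False)
    if DES_RE.match(h):
        # Only the first eight password characters count, and it is fast.
        return ("des", None, True)
    m = SHA_RE.match(h)
    if m:
        scheme = "sha256" if m.group(1) == "5" else "sha512"
        rounds = int(m.group(2)) if m.group(2) else SHA_DEFAULT_ROUNDS
        return (scheme, rounds, rounds < min_rounds)
    return ("other", None, False)  # schemes this example does not judge


def audit(shadow_text, min_rounds=SHA_DEFAULT_ROUNDS):
    """Map each user in shadow-format text to its classify() result."""
    findings = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, hash_field = line.split(":")[:2]
        findings[user] = classify(hash_field, min_rounds)
    return findings


if __name__ == "__main__":
    for user, (scheme, rounds, weak) in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme:8} rounds={rounds} {'WEAK' if weak else 'ok'}")
```

Since the required time is proportional to the number of rounds, raising `min_rounds` turns the same audit into a check against a site-specific cost policy.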