excessive SHA1 calls

Andrew Bartlett abartlet at samba.org
Sat Nov 26 06:29:00 GMT 2005

On Fri, 2005-11-25 at 12:26 +0100, Love Hörnquist Åstrand wrote:
> "Stefan (metze) Metzmacher" <metze at samba.org> writes:
> > Love Hörnquist Åstrand schrieb:
> >> The s2k(password,enctype) have the same property as the htlm hash, its a
> >> password equvalent. One reason the function is so slow and tunable slow is
> >> to make dictionary attacks very expensive. So storing the
> >> s2k(password,enctype) just next to the password is fine.
> >
> > is it correct that the client calls s2k() at kinit time?
> > how would that prevent from dictionary attacks when the client can just use a
> > tunned version?
> Because you tune the s2k over time, and tuneing can be done each time a
> user change their password. Today the factor is 4k, in 18month you can make
> that 8k and it will still take 0.4s per password.

How is that communicated to the clients?  For a client, I suppose it's
in the kinit with the salt, but for a server, which has (for reasons of
Microsoft network design) only a plaintext password, how does it know
what s2k tuning factor to use, to decrypt incoming tickets?

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051126/01ade467/attachment.bin

More information about the samba-technical mailing list