your mail
Roeland M.J. Meyer
rmeyer at mhsc.com
Sat Dec 6 18:23:56 GMT 1997
At 02:27 07-12-97 +1100, Luke Kenneth Casson Leighton wrote:
>> The thing to keep in mind in password syncronization is that UNIX passwords
>> and NT (not LanMan) passwords cannot be decrypted from their respective
>> one-way hash ciphertexts. That is, you *cannot* convert through some
function
>> F:
>>
>> NT MD4 Hash = F(UNIX salted modified DES one-way hash); Not possible!
>>
>> or
>>
>> UNIX salted modified DES one-way hash = F(NT MD4 Hash); Not possible!
>>
>> [NOTE: You could probably brute-force the weaker LanMan passwords stored in
>> the SAM back to plaintext although this would be quite compute intensive.]
>
>or have a really big database...
I'll have to think about this one, but in the days of $300US, 6.5 GB
Ultra-DMA drives, this is no longer an expensive approach. The disk access
may be faster than the algorithm. The point being that some brute-force
approaches are now more feasible, like using the hash, as an index, to a
dbm file.
We've been working on a RDBMS system which uses a 200 GB, Ultra SCSI, RAID
array. Off-the-shelf parts, under $20KUS. We're, of course, charging $120K
for the product <grin>.
In DB terms, we're only talking about a Key->HASH relationship here.
___________________________________________________
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: mailto:rmeyer at mhsc.com
Personalweb pages: http://www.mhsc.com/~rmeyer
Company web-site: http://www.mhsc.com/
___________________________________________
"The FBI doesn't want to read encrypted documents,
they want to read YOUR encrypted documents."
More information about the samba
mailing list