[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OPIE and S/Key authentication

On Sun, Aug 19, 2007 at 10:51:51AM -0700, Russ Allbery wrote:
> Stanislav Maslovski <stanislav.maslovski@gmail.com> writes:
> 
> > What do you say, can MD5-based OPIE system be still considered secure?
> > In the repository there are opie-server and opie-client.
> 
> > Do I understand right that the strength of this system is the strength of
> > one step of MD5? Are there any alternatives where a different hashing
> > function can be choosen (if that is advisable)?
> 
> The weakness in MD5 is not yet of the type that is likely to compromise
> OPIE systems, IMO.  The attacker still has to have quite a lot of control
> over what's being compared.  Of course, changing to a better hash
> algorithm is still a good idea.

Another thing that bothers me is that OPIE's hash is 64 bits. If the
infamous birthday attack applies here than only about 2^32 tries are needed
to find a 64 bit sequence with a hash that will collide with the last OPIE
password (which is assumed to be seen by an intruder).

-- 
Stanislav
Reply to: