
Re: Tool to crypt a password



On octidi 18 pluviôse, year CCXXV, Teemu Likonen wrote:
> I'm not an expert in this area but from what I have read I'm quite sure
> that 3DES is still very much safe. There are no known practical attack
> methods and it's still used for serious encryption.

I think you are mistaken.

As a block cipher, even if there are no attacks against 3DES itself, it
is considered unsafe like all block ciphers with 64-bit blocks due to
birthday attacks. But that is not what we are talking about here.

The 3DES-derived crypt() implementation is bad for today's passwords
for (at least) two reasons.

The first one is quite obvious: it only takes into account the first
eight characters of the password. Try this:

perl -e 'for (1, 2) { print crypt("abcdefgh$_", "XY"), "\n" }'

You will get the same output for abcdefgh1 and abcdefgh2.

The second reason is that it is way too fast: it makes off-line
brute-force practical for passwords that are just a little too short.

More modern crypt() implementations not only use the slower SHA-2
hashes, but they perform several thousand rounds of it. The default
nowadays seems to be SHA-512 with 5000 rounds, allowing less than 400
runs per second on a 3.5 GHz Core i7. The required time is directly
proportional to the number of rounds.

Regards,

-- 
  Nicolas George
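
An added example, not part of the original message: a Python audit of shadow-format entries for the two weaknesses described above, flagging traditional DES crypt() hashes and SHA-crypt hashes whose round count is below a chosen minimum. The function names, the policy minimum and the sample entries are constructed for illustration; the `$5$`/`$6$` prefixes and the `rounds=` field are the standard crypt(3) SHA-crypt string format.

```python
import re

# Traditional DES crypt: 2 salt chars + 11 hash chars, no "$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# SHA-crypt: $5$ (SHA-256) or $6$ (SHA-512), optional rounds=N, salt, digest.
SHA_RE = re.compile(
    r"^\$([56])\$(?:rounds=(\d+)\$)?([^$:]{0,16})\$([./0-9A-Za-z]+)$")
DEFAULT_ROUNDS = 5000  # SHA-crypt uses this when no rounds= field is present


def classify(field, min_rounds=DEFAULT_ROUNDS):
    """Return (scheme, rounds, findings) for one crypt(3) hash field."""
    if field == "":
        return ("empty", None, ["no password set"])
    if field.startswith(("!", "*")):
        return ("locked", None, [])
    if DES_RE.match(field):
        return ("des", None, ["only the first 8 password characters count",
                              "fast hash: cheap off-line brute force"])
    m = SHA_RE.match(field)
    if m:
        scheme = "sha256" if m.group(1) == "5" else "sha512"
        rounds = int(m.group(2)) if m.group(2) else DEFAULT_ROUNDS
        findings = []
        if rounds < min_rounds:
            findings.append(
                f"rounds={rounds} is below policy minimum {min_rounds}")
        return (scheme, rounds, findings)
    return ("unknown", None, ["unrecognised format, review manually"])


def audit(shadow_text, min_rounds=DEFAULT_ROUNDS):
    """Return [(user, scheme, rounds, findings)] for entries with findings."""
    report = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        scheme, rounds, findings = classify(parts[1], min_rounds)
        if findings:
            report.append((parts[0], scheme, rounds, findings))
    return report


FAKE = "A" * 86  # constructed placeholder digest, not a real hash
SAMPLE_SHADOW = f"""alice:XYabcdefghijk:17200:0:99999:7:::
bob:$6$saltsalt${FAKE}:17200:0:99999:7:::
carol:$6$rounds=1000$saltsalt${FAKE}:17200:0:99999:7:::
dave:$6$rounds=100000$saltsalt${FAKE}:17200:0:99999:7:::
daemon:*:17200:0:99999:7:::"""
```

Calling `audit(SAMPLE_SHADOW)` reports alice (DES) and carol (1000 rounds); raising `min_rounds` widens the report to entries still on the 5000-round default.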
