[148727] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post
Re: [Cryptography] Why don't we protect passwords properly?

daemon@ATHENA.MIT.EDU (Bill Frantz)
Wed Dec 25 22:02:22 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 25 Dec 2013 18:25:57 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <1172348720.20131225120303@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

TGV0IG1lIHRyeSB0byBkZXNjcmliZSB3aGVyZSBJJ20gY29taW5nIGZyb20uIFRoZSB3YXkgSSBz
ZWUgaXQsIAp3ZSBsaXZlIGluIGEgd29ybGQgd2hlcmUgbWFqb3IgcG9ydGlvbnMgb2Ygb3VyIG9u
bGluZSBsaWZlIGFyZSAKdW5kZXIgY29uc3RhbnQgYXR0YWNrIGZyb20gYWR2ZXJzYXJpZXMgd2l0
aCBmYXIgZmV3IHJlc291cmNlcyAKdGhhbiB0aGUgTmF0aW9uYWwgU2NhbGUgQWR2ZXJzYXJpZXMg
KE5TQXMpIHdlIGFsbCB3b3JyeSBhYm91dC4gCkluIGFkZGl0aW9uIHRvIHRoZXNlIHJ1bi1vZi10
aGUtbWlsbCBhdHRhY2tzLCBJIGV4cGVjdCB0aGUgTlNBcyAKYXJlIHF1aXRlIGJ1c3kgZG9pbmcg
aW5kdXN0cmlhbCBzcHlpbmcgZm9yIHRoZWlyIG5hdGlvbmFsIApjaGFtcGlvbnMsIGEgc2l0dWF0
aW9uIHdoaWNoIHNob3VsZCB3b3JyeSBhbnkgdGVjaG5vbG9neSBjb21wYW55LgoKT24gMTIvMjUv
MTMgYXQgMzowMyBBTSwgcGludGVya3JAZ21haWwuY29tIChLcmlzenRpw6FuIFBpbnTDqXIpIHdy
b3RlOgoKPndlIGFsd2F5cyBsZWFybiB2ZXJ5IGxhdGUgd2hlbiBhbiBhdHRhY2sgZ29lcyBmcm9t
IHRoZW9yZXRpY2FsIHRvCj5wcmFjdGljYWwuLi4KClRoaXMgc3RhdGVtZW50IGlzIG5vdCB1bml2
ZXJzYWxseSB0cnVlLiBJdCB0YWtlcyBvbmx5IG9uZSAKZXhhbXBsZSB0byBwcm92ZSBteSBzdGF0
ZW1lbnQuIFNob3J0bHkgYWZ0ZXIgREVTIHdhcyAKc3RhbmRhcmRpemVkIHdpdGggaXRzIDU2IGJp
dCBrZXksIHNvbWUgcGVvcGxlIHB1Ymxpc2hlZCBhIHBhcGVyLCAKSSB0aGluayBXaGl0IERpZmZp
ZSB3YXMgb25lIG9mIHRoZSBhdXRob3JzLCBzdWdnZXN0aW5nIHRoYXQgYSAKREVTIGNyYWNraW5n
IG1hY2hpbmUgY291bGQgYmUgYnVpbHQuIEFueW9uZSB3YW50aW5nIHRvIHVzZSBERVMgCmNvdWxk
IGluY2x1ZGUgdGhhdCBwdWJsaXNoZWQgcGFwZXIgaW4gdGhlaXIgcmlzayBhbmFseXNpcy4gQXQg
CnRoZSB0aW1lIG9mIGNvdXJzZSwgb25seSBOU0FzIGhhZCB0aGUgYnVkZ2V0IGZvciBzdWNoIGEg
bWFjaGluZS4gCk1hbnkgeWVhcnMgbGF0ZXIgTW9vcmUncyBsYXcgYWxsb3dlZCB0aGUgRUZGIHRv
IGJ1aWxkIHRoZSBmaXJzdCAKcHVibGljbHkgYWNrbm93bGVkZ2VkIERFUyBjcmFja2VyLgoKSG93
ZXZlciwgZ2l2ZW4gdGhlIGN1cnJlbnQgc2VjdXJpdHkgc2l0dWF0aW9uLCBJIGFtIGZpbmQgd2F5
cyBvZiAKcHJvdGVjdGluZyBhZ2FpbnN0IGF0dGFja3Mgd2hpY2ggYXJlbid0IHNlZW4gaW4gcHJh
Y3RpY2UgYXQgYmVzdCAKb2YgYWNhZGVtaWMgaW50ZXJlc3QuIERpc2NvdmVyaW5nIHByb3RlY3Rp
b25zIGlzIGEgZnVuIGV4ZXJjaXNlLCAKYnV0IGl0IGlzbid0IGFkZHJlc3NpbmcgdGhlIHByb2Js
ZW1zIHdoaWNoIGFyZSBraWxsaW5nIHVzIHRvZGF5LgoKSWYgb25lIGJlbGlldmVzIFNub3dkZW4s
IG91ciBhbGdvcml0aG1zIGFyZSBPSywgYnV0IG91ciAKcHJvdG9jb2xzIGFuZCBwcm9jZWR1cmVz
IGFyZSBxdWVzdGlvbmFibGUuIEZvciBteSBwYXJ0LCBJIHdvcnJ5IAphYm91dCByYW5kb20gbnVt
YmVyIGdlbmVyYXRvcnMsIENBcywgc3BlYXIgcGhpc2hpbmcsIGFuZCB0aGUgCkhvb3ZlcmluZyBv
ZiB1bmVuY3J5cHRlZCBtZXRhZGF0YS4gVGhlcmUgYXJlIHByb2JhYmx5IG90aGVyIAp0aGluZ3Mg
SSBzaG91bGQgd29ycnkgYWJvdXQsIGJ1dCBzaWRlIGNoYW5uZWwgYXR0YWNrcywgRU0gCmVtaXNz
aW9uLCBhbmQgcG93ZXIgYW5hbHlzaXMgZG9uJ3Qgc2VlbSB0byBiZSBhIHJlYWwgdGhyZWF0IHRv
IAptZSBhbmQgbXkgbGFwdG9wLiAoR0l2ZW4gdGhlIGN1cnJlbnQgc3RhdGUgb2YgT1Mgc2VjdXJp
dHksIGl0IGlzIAplYXNpZXIgZm9yIGFuIGF0dGFja2VyIHRvIGdldCByb290IHRoYW4gdG8gc2V0
dXAgdG8gdXNlIGFueSBvZiAKdGhlc2UgYXR0YWNrcy4pCgpBY2hpZXZpbmcgc2VjdXJpdHkgaW4g
dG9kYXlzIG5ldHdvcmsgd29ybGQgaW4gYSBmYXNjaW5hdGluZyAKY29tYmluYXRpb24gb2YgdGVj
aG5vbG9neSwgcHN5Y2hvbG9neSwgZWNvbm9taWNzLCBhbmQgcG9saXRpY3MuIApQdXJlIHRlY2hu
aWNhbCBzb2x1dGlvbnMgZG9uJ3QgY3V0IGl0IG5vdywgYW5kIGFzIEkgbGVhcm5lZCBsYXRlIApp
biBteSBjYXJlZXIsIG5ldmVyIGRpZC4KCgo+Pk9LLCB3aGVuIGlzIHRoZSBjb2xkIGJvb3QgYXR0
YWNrIGEgcHJhY3RpY2FsIGF0dGFjaz8KPgo+eWVwLCB0aGlzIGlzIHRoZSBnYW1lIHdlICh5b3Ug
YW5kIGkpIGFyZSBwbGF5aW5nIHJpZ2h0IG5vdywgYnV0IHRoaXMKPmlzIGEgZ2FtZSBpIHJlZnVz
ZSB0byBwbGF5LgoKU28geW91IGhhdmUgbm8gcmVhbGlzdGljIGF0dGFjayBtb2RlbC4gQW5kIEkg
Z2F2ZSB5b3UgYXQgbGVhc3QgCnR3byBpbiBhIHByZXZpb3VzIGVtYWlsIGFsb25nIHdpdGggYSBw
cmFjdGljYWwgcHJvdGVjdGlvbiAKYWdhaW5zdCB0aGVtLiBTYWQsIHdpdGggc28gbWFueSBhdHRh
Y2sgbWV0aG9kcyB0aGF0IGFyZSAKc3VjY2VlZGluZyB0b2RheSwgdG8gc3BlbmQgdGltZSB3b3Jy
eWluZyBhYm91dCBjb2xkIGJvb3QuCgoKPj5pdCBodXJ0cywgZG9uJ3QgZG8gaXQuCj4KPm9yIG1h
a2UgaXQgbm90IGh1cnQuIGkgdGhpbmsgdGhpcyBsYXR0ZXIgaXMgdGhlIG1vcmUgbW9kZXJuIGFw
cHJvYWNoLAo+YXQgbGVhc3QgaW4gbWVkaWNpbmUuIHRoZSBkb24ndCBkbyBpdCBhcHByb2FjaCBp
cyBtb3JlIG1lZGlldmFsLgoKU28gbG9uZyBhcyB5b3UgY2FuIG1ha2UgaXQgbm90IGh1cnQuIEV2
ZW4gbW9kZXJuIG1lZGljaW5lIGNhbid0IAptYWtlIGV2ZXJ5dGhpbmcgbm90IGh1cnQuIFdoZW4g
SSBmZWxsIDQgbWV0ZXJzIGluIGEgY2F2ZSwgaXQgCmh1cnQuIEkgaW50ZW5kIHRvIHRyeSB2ZXJ5
IGhhcmQgbm90IHRvIGZhbGwgYWdhaW4uCgpTb21lIG9mIHRoZSB0aW1pbmcgYXR0YWNrcyBiZXR3
ZWVuIFZNcyBydW5uaW5nIG9uIGNvbW1vbiAKaGFyZHdhcmUgc2VlbSB2ZXJ5IGhhcmQgdG8gcHJv
dGVjdCBhZ2FpbnN0LiBXaXRoIGN1cnJlbnQgCnRlY2hub2xvZ3kgZGVkaWNhdGVkIGhhcmR3YXJl
IGlzIGNsZWFybHkgdGhlIGNoZWFwZXIgY2hvaWNlLiBUaGUgCnNhbWUga2luZCBvZiBhcmd1bWVu
dCBhcHBsaWVzIHRvIHNvdXJjZXMgb2Ygc2VjdXJlIHJhbmRvbSAKbnVtYmVycy4gSWYgeW91IG5l
ZWQgdG8gZ2VuZXJhdGUgYSBTU0gga2V5IGVhcmx5IGluIGJyaW5naW5nIHVwIAphIHN5c3RlbSwg
ZWl0aGVyIGluY2x1ZGUgYSBoYXJkd2FyZSBVU0IgcmFuZG9tIHNvdXJjZSwgb3IgcGx1ZyAKaW4g
YSBLVk0gYW5kIHJ1biB0aGUgbW91c2UgYXJvdW5kIG9uIHRoZSBzY3JlZW4uIERvbid0IApjb21w
cm9taXNlIHlvdXIgc2VjdXJpdHkgZm9yIGVhc2Ugb2YgYWRtaW5pc3RyYXRpb24gdW5sZXNzIGl0
IGlzIAphIGxvdyBzZWN1cml0eSBzeXN0ZW0uCgoKSSBsaWtlIEplcnJ5J3MgYW5hbHlzaXM6CgpP
biAxMi8yNS8xMyBhdCA3OjA1IEFNLCBsZWljaHRlckBscncuY29tIChKZXJyeSBMZWljaHRlcikg
d3JvdGU6Cgo+W011Y2ggcmVhbGx5IGdvb2Qgc3R1ZmYgY3V0XS4uLgo+Cj5JdCdzIG5vdyAoYW5k
IGhhcywgcmVhbGx5LCBiZWVuIGZvciBhIHdoaWxlKSBhIGJpZy1hc3MgCj5lbmdpbmVlcmluZyBw
cm9ibGVtLiAgQW5kIGFzIEkgdXNlZCB0byB0ZWxsIG15IE9TIGNsYXNzZXMsIAo+ZW5naW5lZXJp
bmcgaXMgYWxsIGFib3V0IHRyYWRlb2Zmcy4uLgo+Cj5TbyBJIGV4cGVjdCB0byBzZWUgbWFueSBt
b3JlIGRpc2N1c3Npb25zIGFib3V0IHNlY3VyaXR5IAo+d2FuZGVyaW5nLCBhcyB3ZSdyZSBubyBs
b25nZXIgY2VydGFpbiBhYm91dCB3aGF0IHNlY3VyaXR5IAo+bWVhbnMuICBZZXMsIHdvcnRod2hp
bGUgc2VjdXJpdHkgZGViYXRlcyBzdGFydCB3aXRoIGEgCj5kZWZpbml0aW9uIG9mIHRoZSBhdHRh
Y2tzIHRvIGJlIGRlZmVuZGVkIGFnYWluc3Q7IG9yLCBldmVuIAo+YmV0dGVyLCBvZiB0aGUgcmlz
a3MgYW5kIGNvc3RzIGFzc29jaWF0ZWQgd2l0aCBkaWZmZXJlbnQgCj5hdHRhY2tzIGFuZCBkZWZl
bnNlcy4gIEJ1dCBnaXZlbiB0aGUgaHVnZSBzcGVjdHJ1bSBvZiBlbnRpcmVseSAKPmRpZmZlcmVu
dCBjbGFzc2VzIG9mIHJpc2tzLCBhbmQgdGhlIHZlcnkgZGlmZmVyZW50IGxpa2VsaWhvb2RzIAo+
YW5kIGNvc3RzIGRpZmZlcmVudCBwZW9wbGUgd2lsbCBhc3NpZ24gdG8gdGhlbSAuLi4gdG8gYWNj
ZXB0IAo+YWdyZWVtZW50IG9uIHdoYXQgYXJlLCBhdCBiYXNlLCB0aGUgKmdvYWxzKiBpcyBpbmNy
ZWFzaW5nbHkgZm9sbHkuCgoKQ2hlZXJzIC0gQmlsbAoKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KQmlsbCBGcmFu
dHogICAgICAgIHxTZWN1cml0eSwgbGlrZSBjb3JyZWN0bmVzcywgaXN8IFBlcml3aW5rbGUKKDQw
OCkzNTYtODUwNiAgICAgIHxub3QgYW4gYWRkLW9uIGZlYXR1cmUuIC0gQXR0ci18IDE2MzQ1IApF
bmdsZXdvb2QgQXZlCnd3dy5wd3Bjb25zdWx0LmNvbSB8aWJ1dGVkIHRvIEFuZHJldyBUYW5lbmJh
dW0gICAgfCBMb3MgR2F0b3MsIApDQSA5NTAzMgoKX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX18KVGhlIGNyeXB0b2dyYXBoeSBtYWlsaW5nIGxpc3QKY3J5cHRv
Z3JhcGh5QG1ldHpkb3dkLmNvbQpodHRwOi8vd3d3Lm1ldHpkb3dkLmNvbS9tYWlsbWFuL2xpc3Rp
bmZvL2NyeXB0b2dyYXBoeQ==

home	help	back	first	fref	pref	prev	next	nref	lref	last	post
[148727] in cryptography@c2.net mail archive

Re: [Cryptography] Why don't we protect passwords properly?

daemon@ATHENA.MIT.EDU (Bill Frantz)Wed Dec 25 22:02:22 2013

daemon@ATHENA.MIT.EDU (Bill Frantz)
Wed Dec 25 22:02:22 2013
