Adam Shostack (adam@homeport.org)
Wed, 24 Mar 1999 10:16:17 -0500
(I've added the CodherPlunks list to the cc line. CodherPlunks is a list
for people doing crypto implementation. Talk to majordomo@toad.com if
you want to join. Olivier has written a program called gpasman, a
password storage app for linux boxes, and we've been talking a
little. I wanted to get review on my answer to q2.)
On Wed, Mar 24, 1999 at 04:45:32PM +1000, Olivier Sessink wrote:
| Hi,
|
| some questions about the encryption of gpasman:
|
| 1) is it better to save the salt to a different file, or can I just save
| it as the first bytes of the file? And you proposed using /dev/random but
| that makes gpasman non-portable since that's not available on all unix
| platforms, what about using rand() ?
Makes little difference for a seed. Using srand() is ok, I'd use an
if (!open("/dev/random")) { sseed(); srand(); } sort of thing.
| 2) is it possible with the current algorithm to check whether the password
| (and the decryption) was correct or not?
The difficulty with doing this is that if you have something in the
ciphertext that is known, then you have a known plaintext attack. You
may be able to get by this by putting in a bunch of pseudo random
crap, and storing the md5 of that in plaintext. To confirm your
decrypt, you md5 the first 128 bits of decrypted ciphertext, and if
that matches what you've stored, you're ok.
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume
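Added example (not part of the mail above and not gpasman's own code): a Python sketch of the file layout the two answers describe. The salt sits in the first bytes of the file (q1), and the password check is the one Adam proposes for q2: 128 random bits are encrypted at the front of the data and their md5 is stored in the clear, so a decrypt can be confirmed by hashing the first 16 decrypted bytes without putting any fixed, attacker-known plaintext into the stream. Everything else is an assumption made for the example: the 8-byte salt and 16-byte check sizes, os.urandom standing in for /dev/random (with a rand()-style fallback like the one in the thread), and a toy md5-counter keystream that merely stands in for whatever cipher gpasman really uses.

```python
import hashlib
import hmac
import os

SALT_LEN = 8      # salt is stored as the first bytes of the file (assumed size)
CHECK_LEN = 16    # 128 random bits encrypted at the start of the data
DIGEST_LEN = 16   # md5 of those 128 bits, stored in the clear after the salt


def random_bytes(n: int) -> bytes:
    """Kernel RNG first (os.urandom reads /dev/urandom on unix); the
    fallback mirrors the srand()/rand() path from the thread and is weaker."""
    try:
        return os.urandom(n)
    except NotImplementedError:
        import random
        random.seed()
        return bytes(random.getrandbits(8) for _ in range(n))


def _keystream(password: bytes, salt: bytes, length: int) -> bytes:
    """Toy keystream: md5(password || salt || counter) blocks. This is a
    placeholder for gpasman's real cipher, not a recommendation."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.md5(password + salt + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt_file(password: bytes, plaintext: bytes) -> bytes:
    """Layout: salt || md5(check) || E(check || plaintext)."""
    salt = random_bytes(SALT_LEN)
    check = random_bytes(CHECK_LEN)          # the "pseudo random crap"
    digest = hashlib.md5(check).digest()     # stored in plaintext
    body = check + plaintext
    ciphertext = _xor(body, _keystream(password, salt, len(body)))
    return salt + digest + ciphertext


def decrypt_file(password: bytes, blob: bytes):
    """Returns the plaintext, or None if the password check fails
    (wrong password or a truncated/corrupted file)."""
    if len(blob) < SALT_LEN + DIGEST_LEN + CHECK_LEN:
        return None
    salt = blob[:SALT_LEN]
    digest = blob[SALT_LEN:SALT_LEN + DIGEST_LEN]
    ciphertext = blob[SALT_LEN + DIGEST_LEN:]
    body = _xor(ciphertext, _keystream(password, salt, len(ciphertext)))
    check, plaintext = body[:CHECK_LEN], body[CHECK_LEN:]
    # md5 the first 128 bits of decrypted data and compare with the stored hash
    if not hmac.compare_digest(hashlib.md5(check).digest(), digest):
        return None
    return plaintext


if __name__ == "__main__":
    # constructed sample record, not a real gpasman file
    blob = encrypt_file(b"correct horse", b"site: example.org\nuser: alice\n")
    print(decrypt_file(b"correct horse", blob))   # the record
    print(decrypt_file(b"wrong password", blob))  # None
```

The check block costs 32 bytes per file (16 random, 16 digest) and lets the program tell a wrong password from a good decrypt; because the check bytes are random per file, nothing of fixed value is ever encrypted, which is the point of the scheme in the reply.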