Newsgroups: comp.lang.python
From: Chris Angelico
Date: Tue, 23 Dec 2014 09:29:14 +1100
Subject: Re: Encryption - was Hello World

On Tue, Dec 23, 2014 at 6:57 AM, Dave Angel wrote:
> I figure I must be misunderstanding something in your explanation, since a
> brute-force password guesser would seem to only need four billion tries to
> (probably) crack that.
>
> 1) Are you assuming that the cracker can read the source code, but cannot
> modify the version of the code that is running?
>
> 2) Are you really doing something equivalent to:
>
> test = time_calc()  - get a one-byte byte-string according to hour of the week
> encoded_pw = hash(password)
> if encoded_pw.startswith(test*2) and encoded_pw.endswith(test*2):
>     ---passed---
>
> I can understand that being sufficiently obscure for the pointy haired boss,
> but I figure I've got to be missing something. A quick test with 3.2 shows
> that around a million hashes can be generated per second, so checking four
> billion is only an hour or so. Since some of them will collide, that gives
> us something better than 50% likelihood of having found a useful pw in an
> hour. But a few more hours and we'll most likely have it.
>
> For that matter, you must have already written such a pw finder.
>
> I'm back to figuring I'm misunderstanding what you're saying.

No, actually you're understanding that fairly well. Of course, I didn't share the password finder script.

The code was similar in functionality to what you describe, but it used a more obscure coding style so it wasn't obvious. Imagine using a regex to verify that part of the hash. (It wasn't actually a regex, but it wasn't Python either, and the significance is that it was obfuscated code.)
I don't remember exactly which hashing algorithm I was using for this, but the password finder took about a week (running roughly eight hours a day, while I was there) to cover most of the required passwords.

As to the assumptions... uhh... that was never something I really understood. I think you're probably right, and this was part of the paranoia of "my code might be stolen". You're attempting to attribute a level of logic to the requirements which has no supporting evidence :)

But what you've proven above is how ineffective this technique is at keeping out a determined, and mathematically-adept, attacker. Yaknow, *real* security. This code was *extremely* effective at satisfying my boss. As I said, he wasn't satisfied with the idea of just embedding a SHA256 hash into the code; I would have used an XKCD 936 compliant password, so brute-forcing that would take (assuming your million-hashes-per-second figure) about a year, and that assuming the attacker knew my exact style.

Aside: XKCD 936 overestimates the time to generate guesses (1000/sec), which presumably means it's not talking about reversing a hash, but attempting some other attack. (Not a big deal, since the same figure is used for both types of password.) But it also underestimates the password entropy of four words. Let's see. First off, a 4K corpus isn't that hard to work with, so that potentially gives you another four bits of entropy; in /usr/share/dict/words I have 72861 words with no capital letters, punctuation, etc, so it wouldn't be unreasonable to push that up even to 16 bits per word (which sounds weird, worded like that), raising the total entropy from 44 bits to 64. And there's no guarantee that one person's corpus will exactly match another's. Plus, you might and might not capitalize the first letters of the words (another bit), and you could run them together with no punctuation, or use any common punctuation to separate them (space, or "-:,./\" - eight easy options, 3 bits).
So in theory, an attacker might know that you're using an XKCD 936 password, but there could still be up to 68 bits of entropy, *easily*. Even in a dedicated personal attack, the estimate of 44 bits would be an absolute minimum, and it's likely to cost rather more than that.

ChrisA
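
The work factors discussed in this message, carried through as an added example that is not part of the original post or of either poster's code. The function names are hypothetical, the 11 bits per word is assumed from the 44-bit total quoted above, and the guessing rate is the million-hashes-per-second figure from the quoted text.

```python
import math

HASHES_PER_SECOND = 1_000_000      # figure quoted in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_bits(words, bits_per_word, capitalisation_bits=0, separator_bits=0):
    """Entropy of a random word passphrase under the thread's counting model."""
    return words * bits_per_word + capitalisation_bits + separator_bits


def seconds_to_exhaust(bits, rate=HASHES_PER_SECOND):
    """Time to try every value in a 2**bits space at `rate` guesses per second."""
    return 2 ** bits / rate


def hit_probability(bits, tries):
    """Chance that at least one of `tries` independent random guesses passes a
    check that accepts a fraction 2**-bits of all hash values."""
    # 1 - (1 - p)**n, computed with log1p/expm1 so a tiny p keeps its precision
    return -math.expm1(tries * math.log1p(-(2.0 ** -bits)))


def summary():
    """Map each scheme from the thread to (bits, seconds to exhaust)."""
    schemes = {
        # two bytes fixed at each end of the hash: 4 bytes = 32 bits
        "partial-hash check": 32,
        "XKCD 936 estimate": passphrase_bits(4, 11),
        "16 bits per word": passphrase_bits(4, 16),
        "plus caps and separator": passphrase_bits(4, 16, 1, 3),
    }
    return {name: (bits, seconds_to_exhaust(bits)) for name, bits in schemes.items()}


if __name__ == "__main__":
    for name, (bits, secs) in summary().items():
        years = secs / SECONDS_PER_YEAR
        print(f"{name:26s} {bits:3d} bits {secs / 3600:16.1f} h {years:14.2f} y")
    p = hit_probability(32, 2 ** 32)
    print(f"P(at least one pass) after 2**32 tries at 32 bits: {p:.3f}")
    print(f"log2 of a 72861-word list: {math.log2(72861):.2f} bits per word")
```

Each figure is the time to cover the whole space at the quoted rate; the expected time to a first hit against a single target is half of it.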