[ previous ] [ next ] [ threads ]
 
 From:  Peter Curran <peter at closeconsultants dot com>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] recommended wireless?
 Date:  Tue, 6 Jul 2004 17:26:33 +0100 
I think that there are 2 different issues here.

1.  PBKDF1 (and similar) algorithms (such as the one used by Kerberos - ISTR 
this is a different way of doing the same thing) are really designed at 
producing a good quality key with minimal entropy.  The idea being that a 
simple brute-force attack on the whole key space is not 'short-cuttable'.  
Whilst they may be successful in achieving that objective, they will not help 
if the user selecting the password chooses a weak example, such as a 
dictionary word, car registration number or similar.  (I know that you made 
the caveat about 'usual precautions', but the reality is that these are 
broadly ignored/unenforceable).

2.  56 bit DES tends to be dismissed as 'too weak'.   Well, I don't know if 
you have any knowledge of anybody ever having any DES-encrypted data 
compromised by a brute force attack - I certainly don't.  [password guessing, 
on the other hand, is sadly familiar].  As you say, a couple of PC's are not 
going to help much when it comes to attempting a brute-force attack on a 
56-bit DES encryption.  I think it is a shame that it has become received 
wisdom that anything with a key length < 128 bits is bad.  For your average 
man in the street, 56-bit DES is perfectly adequate and likely to remain so 
for a few years yet.  (I had this problem a few days ago when trying to 
explain to a company that using plain DES to support Windows/UNIX integration 
using Kerberos was OK).  They just did not accept it!  Why, because they had 
seen a TV programme where some pundit had explained that <128-bit == BAD 
CRYPTO!

Peter

On Tuesday 06 July 2004 15:49, Manuel Kasper wrote:
> On 06.07.2004 15:25 +0100, Peter Curran wrote:
> > I think encyrption is intriguing as a solution to the
> > confidentiality issues,  but as they are using DES on the Netgear
> > stuff I assume that you have to  pre-configure all the devices with
> > a shared key.  As this tends to be derived  from a passord it could
> > be relatively easy to attack.
>
> I did a little analysis of HomePlug powerline networking about a year
> ago. The password hashing is done as per PBKDF1 - it involves using
> MD5 1000 times, so with the usual password precautions in place, the
> resulting 56-bit DES key should be good. Also, provided that the
> implementation in HomePlug doesn't suffer from similar flaws as WEP,
> 56-bit encryption is IMHO enough for home users. I mean, it's not
> like you can brute-force-search a 56-bit key in a useful amount of
> time with only a few PCs at hand...
>
> - Manuel


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.