Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 28 Oct 2022 16:57:52 +0200
From: Solar Designer <solar@...nwall.com>
To: yescrypt@...ts.openwall.com
Subject: Re: Improving security of old DES hashes with fixed salt with "yescrypt"

On Fri, Oct 28, 2022 at 04:25:31PM +0200, Matthias Apitz wrote:
> We run large databases wherein the user credentials of many thousands of
> users are crypt'ed with DES (Unix crypt(3) with fixed salt). To improve
> the security we implemented a hint "why not just re-encrypt the existing
> DES hash with yescrypt". This works fine in all our C-written
> application servers.

For others reading this, the mentioned hint was by me in a thread on
john-users, and I described the various aspects to be aware of here:

https://www.openwall.com/lists/john-users/2022/10/13/5

> I have implemented this now in all our C-written application
> servers. The clear "PIN" is hashed by:
> 
>    hash = MakeCryptYescrypt(MakeCryptDes(PIN), NULL);
>    
> and the hash is stored in the database row for the user.
> 
> The check if the "PIN" is correct entered is made later on login with
> something like this:
> 
>    if (strcmp(hash, MakeCryptYescrypt(MakeCryptDes(PIN), hash)) == 0) {
>       /* PIN is good */
>    }   
> 
> This is all fine now.
> 
> The last problem to solve is, that also some Java-written application is
> doing the same encryption and checks and I can't find any Java
> implementation of yescrypt. Before writing a NIF to a C-function, I
> wanted to ask the experts.

I'm not aware of an existing Java implementation/bindings of/for
yescrypt.  Writing your own bindings for your C function is probably the
way to go.

As a possible alternative (not necessarily the best one), you can call
the underlying system's crypt(3) from Java.  yescrypt is supported in
crypt(3) on recent Linux distributions that use recent libxcrypt.  It is
supported even by some distributions that don't or didn't yet use
yescrypt by default.  For example, on Ubuntu yescrypt is supported in
libxcrypt since 20.04, but is the default since 22.04.  This means that
on Ubuntu you can use yescrypt via crypt(3) starting with 20.04.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.