Hello to all,
I am reading a book these days and there is an example program(Crypto) in it that goes like this:

encrypt
======
1) get password & filename from user
2) calculate sha-160 on password
3) calculate md5 from sha-160 hash
4) calculate 3des from sha-160
5) encrypt file with 3des, and save somewhere on file header the md5 hash

so, when the user wants to decrypt the file it calculates and compaires the md5 hash of the password and compaires it with the stored one in the encrypted file. If its the same then it means its the correct pass.

so, i was wondering
- How strong is this kind of protection??
- What are the possible & best attacks someone can use to find the pass, or decrypt the file??

Keep well,
Ray.

Hello,



ok, if its just sha1(password) it means there is no salt, so its possible to build a dictionary of hashed potential passwords. Additionally, a single sha1(password) is a fast operation, so it doesn't take very long to compute the passwords.

Ideally, you'd want to salt the passwords, and possibly hash x thousand times so it takes a bit of cpu time (mebe a second or two, depending on user tolerance, etc.) to help make bruteforce attacks infeasible for !large company, government people



Hmm, while not a weakness, you're better off decrypting all the data, and checking at the end. It makes the attacks take longer . this could work via checksums, etc.

The security kinda boils down to the standard password security problem

As for attacking it:
- Bruteforce (write a plugin for john, (see hxxp://www.openwall.com))
- if you have to do it lots, make a dictionary of passwords and the md5 results.
Then look up the password based on the hash.

- "steal" the password (keylogger, etc.)
- Go over how they are implementing the crypto and see if they've stuffed up
implementation of it, or there are other interesting tidbits left around.

- andrewg.

Andrew,
Great info! Thanks.