Vigil@nce - FreeBSD, NetBSD, OpenBSD: weakness of DES crypt
November 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Passwords hashed by the crypt() function, with the DES algorithm,
and using a non alphanumeric salt, use a salt partially
predictable, so an attacker can optimize a brute force attack.
Severity: 1/4
Creation date: 15/11/2011
IMPACTED PRODUCTS
– FreeBSD
– NetBSD
– OpenBSD
DESCRIPTION OF THE VULNERABILITY
The crypt() function is used to hash passwords. It supports the
DES, MD5 and Blowfish algorithms.
This function uses a "salt" so the hash of the same password is
different. For example, the following result values are different:
crypt("secret", "saltA")
crypt("secret", "saltB")
Most of the time, the salt is composed of alphanumeric (or Base64)
characters. However, if the salt contains other characters, the
DES algorithm transforms them to dots (’.’) before using the new
salt. There is thus a greater risk of collisions (twice the same
salt).
Passwords hashed by the crypt() function, with the DES algorithm,
and using a non alphanumeric salt, use a salt partially
predictable, so an attacker can therefore optimize a brute force
attack.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-NetBSD-OpenBSD-weakness-of-DES-crypt-11158