DaemonForums  

#1
14th May 2009
s0xxx
New tool on the block - scrypt

Quote:
In the context of hardware brute-force attacks, scrypt is thousands of times more secure than existing "best practice" solutions such as bcrypt and PBKDF2; in fact, under reasonable assumptions it is provably as strong as possible. In addition to the key derivation function itself, I have released a simple file encryption utility which is approximately 100 billion times more secure than openssl enc, due to OpenSSL using MD5 as a key derivation function.
http://www.daemonology.net/blog/2009...erivation.html

Later in the comments Colin said:
Quote:
Drepper's SHA crypt is actually weaker than bcrypt where hardware brute force attacks are concerned, since blowfish (and thus bcrypt) requires a larger die area than SHA256 or SHA512.

I'm planning on talking to Drepper about scrypt and investigating whether scrypt can be brought into linuxes and BSDs as a standard method for password hashing.
Colin Percival, Stronger Key Derivation via Sequential Memory-Hard Functions, presented at BSDCan'09, May 2009.
Conference presentation slides: PDF.
__________________
The best way to learn UNIX is to play with it, and the harder you play, the more you learn.
If you play hard enough, you'll break something for sure, and having to fix a badly broken system is arguably the fastest way of all to learn. -Michael Lucas, AbsoluteBSD
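The comment quoted in post #1 raises scrypt as a standard method for password hashing. The following is an added example, not code from this thread or from the scrypt distribution: it hashes and verifies a password with Python's `hashlib.scrypt`, and shows the 128 * r * N byte working array that makes the function memory-hard. The cost parameters, the `scrypt$N$r$p$salt$hash` record format and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Illustrative cost parameters and memory budget (assumptions, not from the thread).
N, R, P = 2**14, 8, 1
MAX_MEM = 64 * 1024 * 1024  # upper bound handed to OpenSSL, in bytes


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Size of scrypt's large working array: 128 * r * N bytes."""
    return 128 * r * n


def hash_password(password: str, n: int = N, r: int = R, p: int = P) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt_hex$hash_hex."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                        maxmem=MAX_MEM, dklen=32)
    return f"scrypt${n}${r}${p}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = record.split("$")
        n, r, p = int(n), int(r), int(p)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "scrypt" or min(n, r, p) < 1:
        return False
    # Refuse records that demand more memory than we budget, so a corrupted
    # or hostile record cannot turn verification into a denial of service.
    if scrypt_memory_bytes(n, r) > MAX_MEM // 2:
        return False
    try:
        dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                            maxmem=MAX_MEM, dklen=len(expected))
    except (ValueError, OverflowError):
        return False  # parameter combination rejected by OpenSSL
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    rec = hash_password("correct horse")  # constructed sample password
    print(rec)
    print("memory per guess:", scrypt_memory_bytes(N, R) // 2**20, "MiB")
    print("verify:", verify_password("correct horse", rec))
```

Storing N, r and p in the record lets the cost be raised later without invalidating existing hashes.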
#2
19th May 2009
s0xxx

A quick update (yes I know this is a FreeBSD section) - it is now usable on NetBSD too.
#3
21st May 2009
s0xxx

Quote:
scrypt version 1.1.2 released

On Saturday I released scrypt version 1.1 and asked the readership of these dispatches to help me out by testing it. Rory Arms, "atourino", Johan Brinch, Darren Chamberlain, Dalibor Gudzic, Mathias Gumz, Justin Haynes, Erik Karulf, Ricardo Martins, Marshall Pierce, Kenji Rikitake, "s0xxx", and Royce Williams obliged, finding compile-time and run-time errors -- and in several cases, submitting patches. I am happy to announce that I have uploaded scrypt version 1.1.2 (source tarball, GPG-signed SHA256 hash) to the scrypt website. This code has now been tested on FreeBSD, NetBSD, Linux, Solaris, OS X, Cygwin, and GNU Hurd.

In addition to the above, Mathias Gumz has sent me patches to make scrypt work on Windows; I haven't had time to integrate his work into my tree yet, but I plan on doing that soon. If anyone can test scrypt on any other systems (OpenBSD? DragonFlyBSD? Minix? AIX? HP-UX?), I'd be interested to hear the outcome -- please submit comments below.
http://www.daemonology.net/blog/2009...-released.html