Re: SHA-1 vs. triple-DES for password encryption?

Craig Minton wrote:
> We are considering changing our password storage from a home-grown

In general you should not use reversible crypto for password storage, so SHA-1 is a better option than triple-DES (it is, of course, possible to make a one-way hash out of triple-DES, so perhaps that's what you meant?).

SHA-1 is still considered secure.

Reducing the hash to 8 bytes makes the work factor for a successful attack 2^64, which is not generally considered to be fantastically strong, but may still be sufficient for your purposes (especially if passwords are limited to that size :-).

A birthday attack, which may well not apply, but it depends on your application, would have a work factor of 2^32, which is definitely weak.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek