In association with heise online

Protection against TMTOs

TMTOs often succeed against the very cryptographic systems that form the basis of computer security. Pre-computing makes it possible to find sensible compromises between a time-consuming brute force attack and a memory-intensive dictionary attack. Their success might lead one to suppose that this kind of attack is difficult to prevent, but precisely the opposite is the case, for the question of whether it makes sense to use TMTOs depends, not on the cryptographic cipher itself, but on the protocol that uses it.

The trick for letting the method run through empty passes, is to vary the cryptographic function each time it is run. If two users encrypt the same message with the same key, two different results should be yielded. This variation can be achieved if, for example, a user name or a device ID contributes to the encryption process, along with the key that is input. An attacker would consequently have to compute a separate rainbow table for each user, or even for each device, which would normally require more effort than a brute force attack.

A random piece of data provided to the hashing function, the "salt", thwarts TMTO attacks. An attacker now has to take account not just of every possible password, but of every possible password for every possible salt value.

The Crypto1 cipher would have been more secure had it combined the ID and the key, using an established hash function such as SHA1. Another trap would be to ensure that the inputs to the non-invertible function are different for each packet, this normally being achieved by involving initialisation vectors ,in WLAN encryption, for example, or counters.

If the device ID and the user name are not available, or if as frequently happens they are identical ,"administrator" or "root", for example, random values can be generated and saved along with the encrypted message. Almost all derivatives of Unix, including Linux, have been using this technique, known as salting, for password hashes for the last three decades. TMTO attacks against them are hopeless.



[1] Christiane Rütten, Lauschgelegenheit, Handy-Gespräche bald abhörbar [Perchance to bug: mobile phone calls will soon be open to tapping], c't 24/07, p. 90
[2] Information about the OphCrack cracking program and suitable tables
[3] Web site of Project RainbowCrack with further information

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit