crypt(1) -- how secure, how breakable? (addenda and errata)

Henry Spencer henry at utzoo.UUCP
Tue Oct 16 05:17:06 AEST 1984


Several people have written with additions and corrections to my
original posting about crypt(1).  The big one is that Jim Reeds, who
wasn't mentioned in my article at all, was the Bell Labs man who
broke crypt.  Bob Morris Sr. and Peter Weinberger were involved, but
in lesser ways.  Oops.  My info did come from within Bell Labs; I guess
my informant simply had it wrong.  My apologies to Jim, who was one of
the folks who wrote to me and whose comments I draw on heavily in the
following.

The Bell folks do not think that they can break all possible improved
forms of crypt, although they have broken one or two.

Morris's Cryptologia paper describing how to break the M-209 required
known plaintext, and the M-209 definitely is not the "most modern"
Hagelin machine.  Furthermore, V7 crypt(1) is not a Hagelin algorithm
at all, so it's irrelevant.  [Blush.  I'm not a serious cryptology fan
myself, but I should have remembered *that*!]

Aegean Park Press is no longer the publisher of Cryptologia, although
it used to be.

The Barker book does not work up to full rotor machines; it works up to
a full Hagelin M-209.  As mentioned above, there is no relation.

Jim Reeds is doubtful about the suggestion of a multi-rotor machine being
breakable in a few hours; he thinks he can make a small multi-rotor
machine that is nearly unbreakable.  This disagreement probably cannot
be resolved in a public forum, since my source for the original comment
probably isn't allowed to elaborate.

Reeds also points out that the chances of your security being breached by
cryptanalysis are much lower than the chances of penetration via superuser
access (legitimate or as a result of a security breach).  The knowledge
and skills needed for the latter approach are much more widely available.

There is general agreement about my overall summation:  crypt(1) is
probably adequate protection against snoopers, unless you have snoopers
who are sophisticated cryptanalysts or have access to sophisticated
cryptanalytic software.  Bear in mind my earlier comments:  short files,
each encrypted with a different key, will make the breaker's job harder.
The desirability of long keys is less clear; crypt(1) does chop the keys
at 8 characters, and Jim Reeds says that key length is not really very
significant, but note that very short keys are subject to breaking by
exhaustive search.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,linus,decvax}!utzoo!henry


