Yet Another useful paper

Phil Karn karn at ka9q.bellcore.com
Thu Dec 29 07:13:16 AEST 1988 

>>                          I'd also like to see a standard "key crunching"
>> algorithm for transforming a password (or phrase) longer than 8 characters
>> into a 56-bit DES key.

>  But what will this accomplish is the password file is readable and the
>encrpytion method (key crunching and all) public?

A lot. The point is that to be maximally effective, the UNIX password
algorithm should be given keys with 56 bits of entropy. That is, the
distribution of actual user keys should be uniformly distributed over
all 2^56 possible values.

Present attacks on encrypted UNIX passwords are so successful only because
the actual passwords people use are clustered in a tiny portion of this key
space, and it is easily searched by brute force.  However, a truly uniform
key distribution would virtually defeat this for anyone but the NSA.

Now this can be done in two ways: by having people use passwords that
resemble either "(X4Hj12@", or "The wolf ate the duck whole.". The first is
eight random characters (actually, only printing ASCII characters were
chosen here, making the entropy more like 52 bits instead of 56).  The
second is an English sentence of 28 characters. According to Shannon's
figure of 2 bits/letter for the entropy of English, this sentence has 56
bits of entropy. But which password is a human user more likely to remember?
That's the whole point behind key crunching.

By itself, this is not enough since people are likely to object to having to
type repeatedly such long passwords. The answer to that problem is a good
authentication scheme that would allow you to give your password only once
(when logging in to your "home" computer) which would then enable your
system to authenticate you to the other systems you use regularly on the
network.  As much as people like to bash rsh/rlogin as insecure, you must
admit that it may actually enhance security if the alternative was to
require people to enter their passwords so frequently that they choose
short, simple ones to simplify typing.

Phil

More information about the Comp.unix.wizards mailing list