Yet Another useful paper
Piercarlo Grandi
pcg at aber-cs.UUCP
Mon Dec 19 02:51:23 AEST 1988
In article <4420 at xenna.Encore.COM> bzs at Encore.COM (Barry Shein) writes:
# >As far as UNIX passwords, it further justifies the use of a shadow
# >password file and the use of 64 character pass phrases.
#
# Why? Because it shows a 20x speedup possibility? Let's do the
# arithmetic again...
#
# [ .... some reassuring arithmetic that DES can't be compromised .... ]
It takes a lot to properly answer your posting. Let me say, as numerous other
posters will be better able to point out, that there are *many* ways to skin
a DES.
Even by looking at the non classified, non restricted papers on encryption
available, it is clear that breaking a 56 bit key (especially if educated
guesses at the potential boundaries on the actual keyspace are made) is not
that terribly hard, e.g. by probabilistic techniques...
In particular, UNIX password deciphering, where a number of *clever* (whereas
you assume brute force) attack techniques have been devised, is now regarded
by some as affordable to anybody with large but not truly extraordinary
resources.
# Let's face it folks, at these fantastic rates the following methods
# would be far more effective:
#
# [ .... the traditional, most effective ways of breaking security .... ]
Breaking DES text in general is still quite hard, enough so that cipher
breaking is indeed not going to be the weak link in a software+hardware+network security chain.
# Dennis, without further justification for your position/conclusion I
# claim you're grasping for straws and succumbing to mob mentality.
Still, I think that Dennis is not grasping for straws. The most feared
danger with any cryptographic technique is that somebody will come up with a
clever theorem or a clever hack that chips away at your assumptions about how
hard it is to do certain things. This paper in this respect is ominous.
Another fact (reliable hearsay actually) that ought to send shivers thru the
back of security people is that a 100 decimal digits numbers has been factored
without too much fuss. Look into comp.parallel...
--
Piercarlo "Peter" Grandi INET: pcg at cs.aber.ac.uk
Sw.Eng. Group, Dept. of Computer Science UUCP: ...!mcvax!ukc!aber-cs!pcg
UCW, Penglais, Aberystwyth, WALES SY23 3BZ (UK)
More information about the Comp.unix.wizards
mailing list