Password security - Another idea
The Beach Bum
jfh at rpp386.Dallas.TX.US
Thu Jan 5 23:01:55 AEST 1989
In article <949 at ruuinf.UUCP> piet at ruuinf (Piet van Oostrum) writes:
>In article <10629 at rpp386.Dallas.TX.US>, jfh at rpp386 (The Beach Bum) writes:
>`Since there are only 2^56 possible outputs, and 2^132 inputs, some of
>`them must map onto other encrypted passwords - a multi-way encryption.
>`
>You are right, only it is 2^64 (the key for DES is 56 bits, but the output
>is 64 bits), so this still gives an 8 bit improvement, making it 128 times
>as hard.
If you obtain the salt from the password, rather than clock(), then you
are correct.
This would be an inexpensive way to increase the password beyond 8
characters. It is, unfortunately, incompatible with current password
files. At what price progress? [ How about - an extra field in
/etc/privates giving the encryption method ;-) ]
--
John F. Haugh II +-Quote of the Week:-------------------
VoiceNet: (214) 250-3311 Data: -6272 |"Anything on the road which can be
InterNet: jfh at rpp386.Dallas.TX.US | hit, will be ..."
UucpNet : <backbone>!killer!rpp386!jfh +--------------------------------------
More information about the Comp.unix.wizards
mailing list