WARNING!
Jeremy Gaffney
cs132041 at cs.brown.edu
Mon Apr 22 08:01:37 AEST 1991
In article <1991Apr20.163540.23924 at engin.umich.edu>, mjo at irie.ais.org (Mike O'Connor) writes:
|> In article <1991Apr20.150213.23439 at csusac.csus.edu> croft at csusac.csus.edu (Steve Croft) writes:
|> :Leong and Tham presented a paper at winter Usenix where they claimed a
|> :hardware based encyrpter could determine a lower case password in 15
|> :days. On the basis of this, they claimed that UNIX password encryption
|> :is insecure.
|>
|> How would the passwords be recognized as such? Visual inspection? I
|> can't imagine my password as being anything but gibberish, even if
|> decrypted.
|>
As was mentioned earlier in this thread, all that would be required is any password
which returned the same encryption as the original. I would be interested in knowing
how they determine the seeding that is used to encrypt the original...I was under
the impression that this was site-specific.
jg (cs132041 at cs.brown.edu)
|>
|> ====
|> Mike O'Connor (mjo at ais.org)
More information about the Comp.unix.wizards
mailing list