Re: passwd hashing algorithm

[mouse () Collatz McRCIM McGill EDU (der Mouse)]

> > So what we're left with is replacing crypt() with something decently
> > strong.  How about triple DES?

Somewhat better.

> > [This] also would not change the length of the passwords on file or
> > the basic authentication mechanism.

True.

> My take on this is that encryption is NOT the way to go.   This would
> mean that there exists a key that could decrypt the entire password
> file.  On this count triple DES is no better than regular DES.

You seem to misunderstand the current scheme.  The scheme is _not_
simply hash = DES crypt of typed password with some key.  Rather, it is
more like hash = DES crypt of constant with typed password as key[%].
Using triple DES here would help because (a) it's harder to crack in
the sense of recovering the key from a (plain,cipher) pair and (b) the
keys are three times as wide (only twice in some variants), which means
less information loss when converting a typed password to a key.

[%] Even this is not quite accurate.  The crypt is not DES but rather a
    slightly perturbed DES, and it's iterated many times.

It's also non-exportable, same as the current scheme, which IMO removes
it completely from serious consideration.

> From my understanding the MD5 would work well.

It does work well.  One of the patches in my set of patches is one to
make libcrypt use an MD5-based algorithm for password hashing.  It's
currently relative to 1.0; once I get "my" machine converted to
-current, I'll port the patches to that and send-pr the result.
(Results, actually, since the patches I have affect more than just
libcrypt.)

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu