Bugtraq mailing list archives
Re: passwd hashing algorithm
From: LTABER () pimacc pima edu (Louis Taber)
Date: 13 Apr 1995 11:46:22 -0700
* David Faron Stagner (stagda () sys1 ic ncs com) writes
I'm with der Mouse on this... the current state of crypt() and password hashing in unix is inexcusable.
..... stuff removed
So what we're left with is replacing crypt() with something decently strong. How about triple DES? At this point in the game, triple DES seems as strong as anything available, and certainly far stronger than the existing scheme. It also would not change the length of the passwords on file or the basic authentication mechanism. Of course, this still doesn't solve the problem of weak passwords (which is still a basic attack mechanism for crack), but it would make minimum-password schemes much more effective, and increase the value of good passwords substantially. Someone tell me if I'm completely off-base here.

--
* David Faron Stagner * National Computer Systems
david_stagner () ic ncs com * 2510 N Dodge St
vox 319 354 9200 ext 6884 * Iowa City, IA 52244
fax 319 339 6555
My take on this is that encryption is NOT the way to go. This would mean that there exists a key that could decrypt the entire password file. On this count triple DES is no better than regular DES. From my understanding the MD5 would work well. It is non-reversible.

Louis

Louis Taber ltaber () pima edu
Pima Community College, Computer Science, 2202 W. Anklam Rd, Tucson, AZ 85709
(520) 884-6039 Secretary / (520) 884-6850 Office direct
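The distinction this reply draws, as an added example (not code from the thread or from any crypt() implementation): a password file encrypted under one site key can be decrypted wholesale by whoever holds that key, while a salted one-way hash is only ever recomputed and compared. The keystream cipher is a toy stand-in for a keyed cipher, the round count and sample accounts are constructed, and traditional crypt(), which uses each password as the DES key, is not modelled.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ROUNDS = 1000  # assumed iteration count, chosen only for this illustration


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream standing in for a keyed cipher such as triple DES."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt_entry(site_key: bytes, password: bytes) -> tuple[bytes, bytes]:
    """Reversible storage: every entry depends on the same site_key."""
    nonce = os.urandom(8)
    ks = _keystream(site_key, nonce, len(password))
    return nonce, bytes(p ^ k for p, k in zip(password, ks))


def decrypt_entry(site_key: bytes, entry: tuple[bytes, bytes]) -> bytes:
    """Whoever holds site_key recovers the cleartext of any entry."""
    nonce, ct = entry
    ks = _keystream(site_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def hash_entry(password: bytes, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """One-way storage: salted, iterated MD5 with no key that inverts it."""
    salt = os.urandom(8) if salt is None else salt
    digest = password
    for _ in range(ROUNDS):
        digest = hashlib.md5(salt + digest).digest()
    return salt, digest


def verify(password: bytes, entry: tuple[bytes, bytes]) -> bool:
    """Login check recomputes the hash; nothing is ever decrypted."""
    salt, stored = entry
    return hmac.compare_digest(hash_entry(password, salt)[1], stored)


# Constructed sample accounts (not from the thread); two share a password.
USERS = {"alice": b"correct horse", "bob": b"tr0ub4dor", "carol": b"correct horse"}
```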