Bugtraq mailing list archives

Re: Digital Unix 4 protected password database.


From: Alec.Muffett () UK SUN COM (Alec Muffett)
Date: Wed, 10 Mar 1999 17:47:36 +0000


The one thing that CAN cause problems is that Digital UNIX can use
nonstandard hash algorithms (bigcrypt(), crypt16() and C1crypt()) as
well as the normal crypt(). Not only does this make coding slightly
complicated (as you have to get the correct hash algorithm), but when
a password is created within an Enhanced Security environment that is
over eight characters in length, another password round is created
AFTER the original to contain the rest of the password. This doesn't
make things impossible, just difficult - Digital kindly provide a set
of system calls to do most of this for you.

Paul Leyland told me, many years ago, that one or more of the
"Enhanced Security" crypt-replacements are actually less secure
than traditional crypt() in many respects.

Consider the:

        crypt first 8 chars
        crypt remaining 8 chars
        join the two ciphertexts

...mechanism; assuming people choose passwords which are (a) plain
dictionary words and (b) only slightly longer than 8 characters, then:

        plaintext = wheatsheaf
        first 8 chars = wheatshe
        last 8 chars = af

...the cracker may brute-force the latter ciphertext with its implicit
small keyspace, and then (eg:) go hunting for words in dictionaries
which are 10 characters long and whose last characters are "af",
thereby possibly reducing the search space for the first 8 characters
*very* significantly.

I attach below a section of an illuminating e-mail of Paul's from 1996;
I do not think he'll mind my publishing it.

I once posted a better algorithm than this (essentially, crypt the
first eight characters "wheatshe", crypt the *last* eight characters
"eatsheaf", remembering to meddle with the salt for the second crypt
by using a function of first plaintext to prevent the pathological
condition where the ciphertext is eight-or-less characters yielding
concatenated repeated ciphertexts)... but it never got adopted, and
anyway, MD5 or SHA1 is a much better bet.

There are other issues with the innards of some of these crypt()
replacements, involving numbers of rounds, etc, but it is a long time
since I visited Ultrix and/or them.

        - alec

ps: ObCynic: no doubt some self-aggrandising security research
pseudogroup can easily whip up a PGP-signed "Security Advisory" to
leap on this bandwagon, bring this to the media, and thereby try to
gain credibility.  Don't all jump at once, now, y'hear?



| Here's a test program and its output when compiled and run under Ultrix
| 4.3a.  Note the behaviour when the password drops below 8 characters...
|
| Paul
|
| 8<---------------------------------------------------------------------->8
|
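| #include <stdio.h>
|
| /* crypt16() comes from the Ultrix C library; declare it so the
|    returned pointer is not treated as an int. */
| extern char *crypt16 ();
|
| int main ()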
| {
|    printf ("<%s> <%s> <%s>\n", "printf", "aa", crypt16 ("printf", "aa"));
|    printf ("<%s> <%s> <%s>\n", "printf", "AA", crypt16 ("printf", "AA"));
|    printf ("<%s> <%s> <%s>\n", "printf", "az", crypt16 ("printf", "az"));
|    printf ("<%s> <%s> <%s>\n", "printf", "a0", crypt16 ("printf", "a0"));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQICI82QB4IP", "/.", crypt16 ("LOLOAQICI82QB4IP", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQICI82QB4I", "/.", crypt16 ("LOLOAQICI82QB4I", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQICI82QB4", "/.", crypt16 ("LOLOAQICI82QB4", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQICI82QB", "/.", crypt16 ("LOLOAQICI82QB", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQICI82Q", "/.", crypt16 ("LOLOAQICI82Q", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQICI82", "/.", crypt16 ("LOLOAQICI82", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQICI8", "/.", crypt16 ("LOLOAQICI8", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQICI", "/.", crypt16 ("LOLOAQICI", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQIC", "/.", crypt16 ("LOLOAQIC", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQI", "/.", crypt16 ("LOLOAQI", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOAQ", "/.", crypt16 ("LOLOAQ", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLOA", "/.", crypt16 ("LOLOA", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOLO", "/.", crypt16 ("LOLO", "/."));
|    printf ("<%s> <%s> <%s>\n", "LOL", "/.", crypt16 ("LOL", "/."));
|    printf ("<%s> <%s> <%s>\n", "LO", "/.", crypt16 ("LO", "/."));
|    printf ("<%s> <%s> <%s>\n", "L", "/.", crypt16 ("L", "/."));
|    return 0;
| }
|
| 8<---------------------------------------------------------------------->8
| <printf> <aa> <aaCjFz4Sh8Eg2QSqAReePlq6>
| <printf> <AA> <AA/xje2RyeiSU0iBY3PDwjYo>
| <printf> <az> <azbLHnWaqbJeQeZc1OSYe7Pk>
| <printf> <a0> <a0yn3KhrcQbus.ioGbPACugk>
| <LOLOAQICI82QB4IP> </.> </.FcK3mad6JwYt8LVmDqz9Lc>
| <LOLOAQICI82QB4I> </.> </.FcK3mad6JwYq1nJWLBmf3E>
| <LOLOAQICI82QB4> </.> </.FcK3mad6JwYy2Cg/eC.S0Y>
| <LOLOAQICI82QB> </.> </.FcK3mad6JwYGluf6Ixbuu6>
| <LOLOAQICI82Q> </.> </.FcK3mad6JwYZpsNag31O/2>
| <LOLOAQICI82> </.> </.FcK3mad6JwYZ5gmSbpOG4c>
| <LOLOAQICI8> </.> </.FcK3mad6JwY0b/Q.wdrEkg>
| <LOLOAQICI> </.> </.FcK3mad6JwYSaRHJoTPzY2>
| <LOLOAQIC> </.> </.FcK3mad6JwYelhbtlysKy6>
| <LOLOAQI> </.> </.HFDmSJe0gdUelhbtlysKy6>
| <LOLOAQ> </.> </.4xr8tFp2YtkelhbtlysKy6>
| <LOLOA> </.> </.J0OjcwfBdmselhbtlysKy6>
| <LOLO> </.> </.W3kA/gJhfNkelhbtlysKy6>
| <LOL> </.> </./8USI4XZojgelhbtlysKy6>
| <LO> </.> </.IsLxNCl59joelhbtlysKy6>
| <L> </.> </.CIu/PzYCkl6elhbtlysKy6>
| 8<---------------------------------------------------------------------->8
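
The following is an added example, not part of the original message or of Paul's test program: it splits crypt16 strings taken from the output above into salt and two 11-character blocks, then reports which hashes share a block under the same salt. The function names are made up for illustration, and only a subset of the quoted output is embedded.

```python
from collections import defaultdict

# (plaintext, crypt16 hash) pairs copied from the Ultrix 4.3a output quoted
# above. The plaintext is kept only to label the report.
SAMPLE = [
    ("LOLOAQICI82QB4IP", "/.FcK3mad6JwYt8LVmDqz9Lc"),
    ("LOLOAQICI82QB4I",  "/.FcK3mad6JwYq1nJWLBmf3E"),
    ("LOLOAQICI",        "/.FcK3mad6JwYSaRHJoTPzY2"),
    ("LOLOAQIC",         "/.FcK3mad6JwYelhbtlysKy6"),
    ("LOLOAQI",          "/.HFDmSJe0gdUelhbtlysKy6"),
    ("LOL",              "/./8USI4XZojgelhbtlysKy6"),
    ("L",                "/.CIu/PzYCkl6elhbtlysKy6"),
    ("printf",           "aaCjFz4Sh8Eg2QSqAReePlq6"),
]


def split_crypt16(h):
    """Split a 24-character crypt16 string into (salt, block1, block2)."""
    if len(h) != 24:
        raise ValueError("expected 2-char salt followed by two 11-char blocks")
    return h[:2], h[2:13], h[13:]


def shared_blocks(pairs):
    """Return two dicts keyed by (salt, block): hashes sharing a first block,
    and hashes sharing a second block. Blocks seen only once are dropped."""
    first, second = defaultdict(list), defaultdict(list)
    for plain, h in pairs:
        salt, b1, b2 = split_crypt16(h)
        first[(salt, b1)].append(plain)
        second[(salt, b2)].append(plain)

    def repeated(d):
        return {k: v for k, v in d.items() if len(v) > 1}

    return repeated(first), repeated(second)


if __name__ == "__main__":
    same_head, same_tail = shared_blocks(SAMPLE)
    for (salt, block), plains in same_head.items():
        print("same first 8 chars :", salt, block, plains)
    for (salt, block), plains in same_tail.items():
        print("same trailing part :", salt, block, plains)
```

In the quoted output every password of eight characters or fewer under salt "/." ends in the same second block, so the hash alone shows that nothing follows the first eight characters.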


