Bugtraq mailing list archives

Re: Digital Unix 4 protected password database.


From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Wed, 10 Mar 1999 17:44:40 -0500


I once posted a better algorithm than this [...]... but it never got
adopted, and anyway, MD5 or SHA1 is a much better bet.

Years ago, I did an MD5-based crypt(3) for NetBSD.  I've been using it
ever since.  I believe it is significantly better for several reasons.
One, of course, is that it's nonstandard and hence not vulnerable to
stock crack-alikes - but quite aside from that, it has benefits:

- MD5 is of clearer US export status than DES (even encryption-only DES
   engines can be used for data secrecy if you use CFB or OFB).

- The salt is large enough for the foreseeable future (128 bits).

- The round count is a parameter and is stored as part of the hash
   (meaning, there's no compatibility issue involved with raising this
   as CPUs get faster).

- The hash format is extensible (it begins with a version number).

Of course, *any* hash except the "standard" traditional one may
introduce compatibility problems if it's shared with NIS (nee YP) or
moral equivalent.

I will be happy to send a copy of the code, or a text description of
the algorithm, to anyone who wants one.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
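
An added illustration, not part of the original post and not der Mouse's code or algorithm: a self-describing password hash string that carries a version number, the round count and a 128-bit salt, so the round count can be raised later without invalidating stored hashes. The `$version$rounds$salt$digest` layout, the function names and the round bounds are assumptions, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for the MD5-based construction the post mentions.

```python
import hashlib
import hmac
import os

# Assumed layout (hypothetical): $<version>$<rounds>$<salt hex>$<digest hex>
VERSION = 1
SALT_BYTES = 16                              # 128-bit salt, as in the post
MIN_ROUNDS, MAX_ROUNDS = 1_000, 10_000_000   # sanity bounds on a stored count

def _derive(password, salt, rounds):
    # Stand-in KDF; the post's own construction is not shown on the page.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)

def hash_password(password, rounds, salt=None):
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = _derive(password, salt, rounds)
    return "${}${}${}${}".format(VERSION, rounds, salt.hex(), digest.hex())

def parse(stored):
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "":
        raise ValueError("malformed hash string")
    version, rounds = int(parts[1]), int(parts[2])
    if version != VERSION:
        raise ValueError("unsupported hash version")
    # Reject counts low enough to be a downgrade or high enough to stall login.
    if not MIN_ROUNDS <= rounds <= MAX_ROUNDS:
        raise ValueError("round count out of range")
    salt, digest = bytes.fromhex(parts[3]), bytes.fromhex(parts[4])
    if len(salt) != SALT_BYTES:
        raise ValueError("bad salt length")
    return rounds, salt, digest

def verify(password, stored, current_rounds):
    """Return (ok, needs_rehash); checks with the rounds stored in the hash."""
    try:
        rounds, salt, digest = parse(stored)
    except ValueError:
        return False, False
    ok = hmac.compare_digest(_derive(password, salt, rounds), digest)
    # A correct password on an old, cheaper hash should be re-hashed at login.
    return ok, ok and rounds < current_rounds

def demo():
    old = hash_password("correct horse", rounds=2_000)  # constructed sample
    return verify("correct horse", old, 50_000), verify("wrong", old, 50_000)
```
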


