Re: passwd hashing algorithm

[casper () fwi uva nl (Casper Dik)]

>       I think you're off base. :) The weakness involves the speed
> with which you can des data.  Doing to 3des means you (roughly) triple
> the attack time, which means that in about 2 years, we'll be back
> where we are today.  Remember that Crack doesn't really crack
> passwords, it just tries to send in lots of passwords, and see when
> the output matches.

Using triple des for instead does not increase crack time at all.
crypt(3) is 25-fold des, so triple des would give an 8-fold increase
in crack speed.  Using triple des will severely weaken the password
algorithm.

(Note that the crypt(3) algorithm doesn't "encrypt" the password, it
uses the passowrd to encrypt an all 0 bits plain text 25 times with
a lightly modified des.)  

>       What you want is a strong authenticating function; something
> that the user can do to demonstrate identity (and possibly possession)
> to a server.  I doubt that reusable passwords are up to the task,
> unless you're using some solid encryption client.  If you're going to
> build a smart client, you might as well build in smart authentication.


Correct.  Challenge/response systems are probably best, as they need
not require the remote terminal to have any intelligence at all.
You need to carry your "challenge responder (token card, skey list)"
with you though.  Running encrypted sessions over the internet will require
much more from the remote end.  And it'll require some form of cooperation from
the authorities.

Casper