Bugtraq mailing list archives

passwd hashing algorithm

From: stagda () sys1 ic ncs com (Dave Stagner)
Date: Thu, 13 Apr 1995 07:35:06 -0500 (CDT)


I'm with der Mouse on this... the current state of crypt() and
password hashing in unix is inexcusable.  The basic crack attack on
unix-based systems is to steal the passwd file and run crack, which
should net a password or two (at least) within an hour.  The
"solution" so far is shadowed passwd files, at best a kludge.  It just
changes the game so a root-level process has to be convinced to cat
the shadowed passwd file somewhere... not a particularly difficult
proposition, judging from the healthy activity on this mailing list.

The *good* solution would be some sort of public key or other
double-blind authentication scheme which doesn't pass cleartext
passwords over the net at login time, is cryptographically strong, and
allows passwords of arbitrary length.  The current scheme is none of
these.  The obvious first sacrifice is public key/blind
authentication, because it would constitute a serious change and
complication to the current scheme.  The second sacrifice might be
arbitrary-length passwords, on the (probably irrelevant) belief that
some programs might not deal well with long passwords in the passwd
file.  

So what we're left with is replacing crypt() with something decently
strong.  How about triple DES?  At this point in the game, triple DES
seems as strong as anything available, and certainly far stronger than
the existing scheme.  It also would not change the length of the
passwords on file or the basic authentication mechanism.  Of course,
this still doesn't solve the problem of weak passwords (which is still
a basic attack mechanism for crack), but it would make
minimum-password schemes much more effective, and increase the value
of good passwords substantially.  

Someone tell me if I'm completely off-base here.
-- 
* David Faron Stagner
* National Computer Systems           david_stagner () ic ncs com
* 2510 N Dodge St                     vox 319 354 9200 ext 6884
* Iowa City, IA 52244                 fax 319 339 6555
I disclaim my employer and I'm sure they'd disclaim me too.

(This .sig has been sanitized for your protection)

Current thread:

Re: UUCP/sendmail configs.. der Mouse (Apr 10)
- Re: UUCP/sendmail configs.. Dave Williss (Apr 11)
  - Sendmail 5.65? David Cohen (Apr 11)
  - Re: UUCP/sendmail configs.. Mark (Apr 12)
  - passwd hashing algorithm Dave Stagner (Apr 13)
    - Re: passwd hashing algorithm Adam Shostack (Apr 13)
    - Re: passwd hashing algorithm Casper Dik (Apr 14)
    - Re: passwd hashing algorithm Rick Busdiecker (Apr 14)
    - Re: passwd hashing algorithm Adam Shostack (Apr 14)
    - Re: passwd hashing algorithm Perry E. Metzger (Apr 14)
    - I wanna get a mailing list... Kim Whi-kang (Apr 15)
    - Re: passwd hashing algorithm Robert M. Haas (Apr 15)