Bugtraq mailing list archives
Re: passwd hashing algorithm
From: rhaas () cygnus arc nasa gov (Robert M. Haas)
Date: Sat, 15 Apr 1995 23:56:32 -0700
The point is, however, that DES isn't used in crypt(3) as a cipher but as a weird hash function over an eight byte value, the password, and
Strengthening the password encryption algorithm strikes me as putting a tighter lock on the door when the window is standing wide open... if someone really wants to break into your machine, they can put a sniffer on your network, and it won't matter how good your encryption algorithm is. Admittedly it's a little harder to get a sniffer running on a network than crack, but even so, reusable passwords are doomed... ...Robert
Current thread:
- Re: UUCP/sendmail configs.., (continued)
- Re: UUCP/sendmail configs.. Dave Williss (Apr 11)
- Sendmail 5.65? David Cohen (Apr 11)
- Re: UUCP/sendmail configs.. Mark (Apr 12)
- passwd hashing algorithm Dave Stagner (Apr 13)
- Re: passwd hashing algorithm Adam Shostack (Apr 13)
- Re: passwd hashing algorithm Casper Dik (Apr 14)
- Re: passwd hashing algorithm Rick Busdiecker (Apr 14)
- Re: passwd hashing algorithm Adam Shostack (Apr 14)
- Re: passwd hashing algorithm Perry E. Metzger (Apr 14)
- I wanna get a mailing list... Kim Whi-kang (Apr 15)
- Re: passwd hashing algorithm Robert M. Haas (Apr 15)
- Re: UUCP/sendmail configs.. Dave Williss (Apr 11)