Bugtraq mailing list archives
Re: passwd hashing algorithm
From: chowes () helix net (Charles Howes)
Date: Fri, 14 Apr 1995 12:07:47 -0700 (PDT)
On 13 Apr 1995, Louis Taber wrote:
My take on this is that encryption is NOT the way to go. This would mean that there exists a key that could decrypt the entire password file. On this count triple DES is no better than regular DES. From my understanding the MD5 would work well. It is non-reversible. Louis Louis Taber ltaber () pima edu Pima Community College, Computer Science, 2202 W. Anklam Rd, Tucson, AZ 85709 (520) 884-6039 Secretary / (520) 884-6850 Office direct
There is no key that could decrypt the entire password file. The password entries are blocks of zeroes encrypted with the users' passwords. Finding the key from the encrypted output of des is hard. It involves having a large table of passwords and their encrypted outputs. How many passwords? All of them. MD5 would be better, because it would require a much larger table in order to reverse it. One thing I find very cool is that MD5 is exportable, and can be used very easily for very strong encryption. The strength depends on the very strong non-reversability. -- Charles Howes -- chowes () helix net Always tell the truth, then you make it the other bloke's problem! - Sean Connery, 1971
Current thread:
- Re: passwd hashing algorithm don () paranoia com (Apr 13)
- Re: passwd hashing algorithm Perry E. Metzger (Apr 13)
- Re: passwd hashing algorithm Jon Peatfield (Apr 15)
- Re: passwd hashing algorithm Timothy Newsham (Apr 17)
- <Possible follow-ups>
- Re: passwd hashing algorithm Louis Taber (Apr 13)
- Re: passwd hashing algorithm maquis (Apr 14)
- Re: passwd hashing algorithm John F. Haugh II (Apr 16)
- Re: passwd hashing algorithm Charles Howes (Apr 14)
- Re: passwd hashing algorithm maquis (Apr 14)
- Re: passwd hashing algorithm der Mouse (Apr 14)
- Re: passwd hashing algorithm smb () research att com (Apr 14)
- Re: passwd hashing algorithm Dennis Glatting (Apr 15)
- Re: passwd hashing algorithm smb () research att com (Apr 16)
- Re: passwd hashing algorithm David A. Wagner (Apr 17)
- Re: passwd hashing algorithm John F. Haugh II (Apr 18)
- Re: passwd hashing algorithm David A. Wagner (Apr 18)
- Re: passwd hashing algorithm Charlie Watt (Apr 19)
- Re: passwd hashing algorithm Tom Fitzgerald (Apr 19)
- Re: passwd hashing algorithm Charlie Watt (Apr 20)
- Re: passwd hashing algorithm David A. Wagner (Apr 17)