Bugtraq mailing list archives
Re: passwd hashing algorithm
From: jfh () rpp386 cactus org (John F. Haugh II)
Date: Sun, 16 Apr 95 10:31:40 CDT
> Agreed. Personally, I am wondering when Unix will get overhauled so that these recurring holes (sendmail, crypt(), etc.) will be brought to a higher level of perfection. Regarding crypt() I would think a one-way mechanism is the answer, versus having keys that are left around the system.
crypt() is a one-way function already. The only known attacks against the UNIX password file are brute force and password guessing. There is no "decryption key". The problems with UNIX encrypted passwords are their length (too short), their construction (no standard utilities for enforcing "good" passwords) and the visibility of the encrypted password on many systems (include in that notion things like Classic-NIS). Those three problems are fixed in various products, freeware and commercial, they just haven't been adopted by all of the vendors so far.

--
John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh () rpp386 cactus org