Re: passwd hashing algorithm

[adam () bwh harvard edu (Adam Shostack)]

        I think you're off base. :) The weakness involves the speed
with which you can des data.  Doing to 3des means you (roughly) triple
the attack time, which means that in about 2 years, we'll be back
where we are today.  Remember that Crack doesn't really crack
passwords, it just tries to send in lots of passwords, and see when
the output matches.

        What you want is a strong authenticating function; something
that the user can do to demonstrate identity (and possibly possession)
to a server.  I doubt that reusable passwords are up to the task,
unless you're using some solid encryption client.  If you're going to
build a smart client, you might as well build in smart authentication.

Adam

| So what we're left with is replacing crypt() with something decently
| strong.  How about triple DES?  At this point in the game, triple DES
| seems as strong as anything available, and certainly far stronger than
| the existing scheme.  It also would not change the length of the
| passwords on file or the basic authentication mechanism.  Of course,
| this still doesn't solve the problem of weak passwords (which is still
| a basic attack mechanism for crack), but it would make
| minimum-password schemes much more effective, and increase the value
| of good passwords substantially.  
|
| Someone tell me if I'm completely off-base here.

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume