Bugtraq mailing list archives

Re: Digital Unix 4 protected password database.


From: Alec.Muffett () UK SUN COM (Alec Muffett)
Date: Mon, 15 Mar 1999 11:27:00 +0000


[making up to 16 char passwords by overlapping 8-char strings]
> The alternate scheme you mention (in the part I cut) of encrypting the
> first 8 characters and the last 8 seems to me to result in a 16 char
> keyspace.  Clever.
>
> Unfortunately, it doesn't perform strong mixing and thus does not produce
> a result as strong as its 16 character length implies.

From the crypto-purist point of view, I certainly would not argue with that;
part of the reason I came up with that algorithm was to try and support minimal
effort backwards compatibility on an ancient networked system, where I could
poke the standard:

        if (!strcmp(crypt(plaintext, ciphertext), ciphertext)) {

...mantra, into:

        if (!strncmp(crypt(plaintext, ciphertext), ciphertext, 13)) {

...for the small number of systems which could not be seriously overhauled to
use a decent crypt() replacement, for lack of source code; the first 13 chars
of the ciphertext in the modified algorithm are equivalent to a traditional
crypt, and in this limited circumstance it was useful to exploit that feature.

Of course, backwards compatibility is a ***BAD*** thing in authentication
(ref: WinNT) - nonetheless, I consider it a neat toy hack, whose strength is
dependent upon the effectiveness of the DES mixing in crypt, and to practical
limitations it is pretty good.

> As you can see, the only proper way of increasing the effective length of
> a password is to use a cryptographic hash algorithm or implement a scheme
> of thorough plaintext mixing.  Look into the efforts of expanding DES for
> good examples of how to mix plaintext properly.

Quite.  In these days of ubiquitous access to MD5 and SHA-1 algorithms, it
would be insane to use anything less.

        - alec

--
       alec muffett, sun professional services, alec.muffett @ uk.sun.com
                            #4 - goading fierce man
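
The "no strong mixing" point and the 13-character compatibility check discussed in this message, as an added example that is not code from the post or from any vendor's implementation. Assumptions: `toy_crypt` is a SHA-256 stand-in for traditional crypt() (2 salt characters plus 11 hash characters, first 8 password characters only), and both halves reuse the same salt; all names and sample passwords are constructed.

```python
import base64
import hashlib
import math

BLOCK = 13  # length of a traditional crypt() string: 2 salt chars + 11 hash chars


def _encode(data: bytes, length: int) -> str:
    digest = hashlib.sha256(data).digest()
    return base64.b64encode(digest, altchars=b"./").decode()[:length]


def toy_crypt(password: str, salt: str) -> str:
    """Stand-in for crypt(): only the first 8 characters are significant."""
    return salt[:2] + _encode((salt[:2] + password[:8]).encode(), 11)


def split_hash(password: str, salt: str) -> str:
    """Hash characters 1-8 and 9-16 separately and concatenate the results."""
    first = toy_crypt(password[:8], salt)
    second = toy_crypt(password[8:16], salt)
    return first + second[2:]  # salt is stored once, at the front


def mixed_hash(password: str, salt: str) -> str:
    """Every character of the password influences every output character."""
    return salt[:2] + _encode((salt[:2] + password).encode(), 22)


def legacy_check(password: str, stored: str) -> bool:
    """The strncmp(..., 13) comparison: an old host running plain crypt()."""
    return toy_crypt(password, stored) == stored[:BLOCK]


def search_bits(alphabet: int, length: int = 16, split: bool = True) -> float:
    """Worst-case search cost in bits: two independent halves add, they do not multiply."""
    if split:
        return math.log2(2 * alphabet ** (length // 2))
    return math.log2(alphabet ** length)


if __name__ == "__main__":
    a = split_hash("correcthorsebatt", "ab")   # constructed sample passwords
    b = split_hash("correcthOTHERxyz", "ab")
    print(a[:BLOCK] == b[:BLOCK])               # second half never touches the first block
    print(legacy_check("correcthANYTHING", a))  # legacy host ignores characters 9-16
    print(search_bits(95), search_bits(95, split=False))
```

With 95 printable characters the split construction costs about 54 bits of search against about 105 bits for a hash that mixes all 16 characters, and any host using the 13-character comparison accepts every password that shares the first 8 characters.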


