Promotion of cryptography
Ian G Batten
I.G.Batten at ftel.co.uk
Wed, 25 Aug 1999 13:22:57 +0100 (BST)
This is a multi-part message in MIME format...
------------=_935583739-4359-0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Md5: nQGwkIZlF7QINfHlH3U3PA==
You write:
> This is its employment in the crypt(3) algorithm that is used to encrypt
> passwords on many versions of the Unix operating system, the most numerous
> examples probably being SunOS and HP-UX.=20
=46rom my laptop (I changed one byte):
igb:$1$rr9J6Ed8$T/odJygTKgfxNxoRhfTnV1:101:10:Ian G Batten:/home/igb:/bin/b=
ash
The use of MD5 is hardly rocket science.
> For reasons explained below it is important that in this application DES
> is dropped in favour of a password encryption algorithm that allows
> passwords (ie. keys) to be much longer than 8 (eight) characters and which
> is also computationally expensive so that attempts at key searches are
> much more costly than at present.=20
MD5, for example. Or SHA-1. Obviously you will want to has the
username, the password, the uid and anything else that comes to hand to
reduce the effectiveness of dictionary searches.
> [Note that in a networked Unix environment, passwords can also be
> vulnerable to "sniffers" and similar software because they normally
> traverse the network unencrypted!]
Use ssh.
ian
------------=_935583739-4359-0
Content-Type: application/pgp-signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: PGP Information
-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: tipDluJiqkA1OOOeOKip38ELNpmZ+Qh+
iQB1AwUBN8Pf/Moy0yij3IvtAQE2/QMAvRxjvzT6X6O17g6p5AGn+oKFRrA9AKYk
Y5GlS/K6IQ8IM7PKphfCMTxrcTh4V5YstHYQpO4UY2LHo0eyPmScmy7+IuU1uPd1
C5AglasrSzpkVghiE1gOzjgrAeiT+eev
=pgJ7
-----END PGP MESSAGE-----
------------=_935583739-4359-0--