Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!usc!ucsd!ucbvax!ucsfcgl!cca.ucsf.edu!root From: root@cca.ucsf.edu (Systems Staff) Newsgroups: comp.os.minix Subject: Re: Crypt() Summary: Two pretty powerful scramblers are available. Message-ID: <3005@ucsfcca.ucsf.edu> Date: 29 Jun 90 02:51:48 GMT References: <22918@nigel.udel.EDU> Organization: Computer Center, UCSF Lines: 49 In article <22918@nigel.udel.EDU>, archer%segin4.segin.fr@prime.com (Vincent Archer) writes: > There's a solution that will satisfy everyone: use a scrambler rather than a > crypter. A scrambler's output is not reversible (like passwords in /etc/passwd > should be), so scramblers algorithm are not considered as "sensible material". > Unfortunately, I do not have a scrambler algorithm at hand, but here's an idea: [description of algorithm deleted] > I sincerely doubt that this function would be reversible. If anybody can > think of an algorithm that (even with the salt value) gives back the original > password, well, maths can do wonders :-) Remember, for password applications the function need not be reversible. All you need to do is find _any_ string which will yield the desired result; it need not be the original. > For those who don't like maths (especially boolean arithmetics), I'll try to > write a crypt() that use this algorithm, if nobody has anything better to > propose. Two powerful algorithms have recently had full source code posted: MD4 by Ron Rivest (R of RSA) and Snefru by Ralph Merkle I doubt that it is worth your while trying to improve on these. They produce longer scrambles than most Unix systems use in their passwords so there are some questions involved in their application. I suggest that you include a confidential addendum specific to each machine in the message being scrambled to avoid the defect in the Unix password system that allows transferring password data to other machines for cracking. Thos Sumner Internet: thos@cca.ucsf.edu (The I.G.) UUCP: ...ucbvax!ucsfcgl!cca.ucsf!thos BITNET: thos@ucsfcca U.S. Mail: Thos Sumner, Computer Center, Rm U-76, UCSF San Francisco, CA 94143-0704 USA I hear nothing in life is certain but death and taxes -- and they're working on death. #include