Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!mcsun!ukc!axion!rtf.bt.co.uk!duplain
From: duplain@rtf.bt.co.uk (Andy Duplain)
Newsgroups: comp.unix.admin
Subject: Re: Uninvertible passwd encryption (was: Re: Kmem security)
Message-ID: <1991Mar23.102523.5820@rtf.bt.co.uk>
Date: 23 Mar 91 10:25:23 GMT
References: <1991Mar19.231715.28594@comp.vuw.ac.nz> <1991Mar20.061813.17416@agate.berkeley.edu>
Organization: British Telecom Customer Systems, Brighton, UK
Lines: 19

In article <1991Mar20.061813.17416@agate.berkeley.edu> c60b-1eq@e260-1c.berkeley.edu (Noam Mendelson) writes:
>If one were to crack passwords they would attempt to encrypt strings
>and compare the result to the /etc/passwd entry (since they know the salt).

Absolutely. One way of doing this could be using the SunOS l64a() library
function, which can generate base-64 strings from long ints. But since l64a()
can generate a maximum of 6 characters, and since crypt() takes a long time to
run, it would take several months, and you wouldn't get any passwords longer
than 6 chars. No go!

--
=== Andy Duplain ==============================================================
British Telecommunications PLC, Customer Systems, Brighton, United Kingdom.
#define DISCLAIMER My views and options are not necessarily those of my company
Internet: duplain@rtf.bt.co.uk UUCP: ...!uunet!ukc!axion!bscsq1!duplain