Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!brunix!cs.brown.edu!cs132041
From: cs132041@cs.brown.edu (Jeremy Gaffney)
Newsgroups: comp.unix.wizards
Subject: Re: WARNING!
Message-ID: <72983@brunix.UUCP>
Date: 21 Apr 91 22:01:37 GMT
References: <26512@adm.brl.mil> <1991Apr14.093305.12559@thunder.mcrcim.mcgill.edu> <1991Apr20.150213.23439@csusac.csus.edu> <1991Apr20.163540.23924@engin.umich.edu>
Sender: news@brunix.UUCP
Organization: Brown Computer Science Dept.
Lines: 22

In article <1991Apr20.163540.23924@engin.umich.edu>, mjo@irie.ais.org (Mike O'Connor) writes:
|> In article <1991Apr20.150213.23439@csusac.csus.edu> croft@csusac.csus.edu (Steve Croft) writes:
|> :Leong and Tham presented a paper at winter Usenix where they claimed a
|> :hardware based encyrpter could determine a lower case password in 15
|> :days.  On the basis of this, they claimed that UNIX password encryption
|> :is insecure.
|> 
|> How would the passwords be recognized as such?  Visual inspection?  I
|> can't imagine my password as being anything but gibberish, even if
|> decrypted. 
|> 

As was mentioned earlier in this thread, all that would be required is any password
which returned the same encryption as the original.  I would be interested in knowing
how they determine the seeding that is used to encrypt the original...I was under
the impression that this was site-specific.

jg (cs132041@cs.brown.edu)

|> 
|> ====
|> Mike O'Connor (mjo@ais.org)