Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!necntc!dandelion!ulowell!eagle!arosen
From: arosen@eagle.ulowell.edu (MFHorn)
Newsgroups: sci.crypt
Subject: Re: Unix Password Security
Message-ID: <5081@swan.ulowell.edu>
Date: 25 Feb 88 02:42:20 GMT
References: <7271@brl-smoke.ARPA> <5289@well.UUCP>
Sender: news@swan.ulowell.edu
Reply-To: arosen@hawk.ulowell.edu (MFHorn)
Distribution: na
Organization: University of Lowell, CS Dept.
Lines: 16

In article <5289@well.UUCP> pokey@well.UUCP (Jef Poskanzer) writes:
>And so that it
>doesn't take minutes to log in, use fdes instead of crypt.

Unfortunately (or fortunately, depending on the color of your hat), fdes
doesn't work on all machines.

Say it does work on your machine, and you put it into login, but hide the
source so users can't use it.  The cracker can then just open a pipe to
login and use it that way.  It will be slower due to the added overhead,
but it'll still be faster than your own program (like the one just posted)
using crypt(3).

Andy Rosen           | arosen@hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031   | ulowell!arosen          |  learned how to make it
Lowell, Ma 01854     |                         |  talk" -Thunder Road
                   RD in '88 - The way it should be