Path: utzoo!attcan!uunet!husc6!mailrus!eecae!cps3xx!rang
From: rang@cpsin3.cps.msu.edu (Anton Rang)
Newsgroups: news.sysadmin
Subject: Improving crypt()
Summary: Do multiple passes help much?
Message-ID: <1038@cps3xx.UUCP>
Date: 9 Nov 88 21:42:00 GMT
Sender: usenet@cps3xx.UUCP
Reply-To: rang@cpswh.cps.msu.edu (Anton Rang)
Organization: Michigan State University, Computer Science Dept.
Lines: 13

I noticed the suggestion a while ago that crypt() should make more
passes of DES encryption than it currently does.  It seems to me that
there is a point where nothing is gained: going from a 64-bit password
to an 88-bit encrypted form, is any more security gained by going over
the process again and again?
  Am I missing something here?  Why couldn't, say, 1000 passes of DES
just be translated into one pass of some other algorithm?  Or is the
point just that it's slower when doing the regular algorithm?

+---------------------------+------------------------+----------------------+
| Anton Rang (grad student) | "UNIX: Just Say No!"   | "Do worry...be SAD!" |
| Michigan State University | rang@cpswh.cps.msu.edu |                      |
+---------------------------+------------------------+----------------------+