Xref: utzoo news.sysadmin:1315 comp.unix.wizards:12288
Path: utzoo!utgpu!attcan!uunet!husc6!bloom-beacon!apple!bionet!agate!ucbvax!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: news.sysadmin,comp.unix.wizards
Subject: Re: How to stop future viruses.
Message-ID: <10835@ulysses.homer.nj.att.com>
Date: 10 Nov 88 16:18:14 GMT
References: <2178@cuuxb.ATT.COM> <778@mailrus.cc.umich.edu>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 18

In article <778@mailrus.cc.umich.edu>, honey@mailrus.cc.umich.edu (peter honeyman) writes:
> where did you store the gigabyte file?  how long did it take to
> generate it?  (25,000 word dictionary, 4,096 salts, 11 byte output
> each.)

You don't need to use all 4096 salts; you simply need the ones used
on the target system.  On my system, for example, that reduces the
storage needed by a factor of about 20, which makes it easily manageable.

One key mistake made in the encryption algorithm design is that a cracker
can take shortcuts to speed up the encryption.  One of the slowest parts
of DES (in software) is the initial and final permutations.  These are
inverses of each other, however, which means that when iterating DES
the inverse permutation of step I and the permutation of step I+1 cancel
out, and can be omitted.  Thus, only one initial permutation, and one
final permutation, are needed, rather than 25 of each.  (This isn't my
idea, by the way; I know I've seen it elsewhere, probably in the fdes
package posted to the net a few years ago.)