Path: utzoo!attcan!uunet!tektronix!tekcrl!tekfdi!videovax!bart
From: bart@videovax.Tek.COM (Bart Massey)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Unix 8-character passwords
Message-ID: <5328@videovax.Tek.COM>
Date: 17 Nov 88 02:39:20 GMT
References: <8811090812.AA13935@gyre.umd.edu>
Reply-To: bart@reed.UUCP (Bart Massey)
Followup-To: misc.security
Organization: Tektronix Television Systems, Beaverton, Oregon
Lines: 18

In article <8811090812.AA13935@gyre.umd.edu> chris@GYRE.UMD.EDU (Chris Torek) writes:
> [ a quite stylish explanation of why UNIX passwords are currently 8 chars max]

What I think I'd rather see is just doubling the size of the password field
in /etc/passwd, and encrypting the 2 8-char chunks of a 16-char password in
two steps.  This way, you really would greatly increase the security of
reasonable-length passwords, and I don't really see any disadvantages over
Chris's scheme of hashing bits together...  Also note that storage capacity
is growing like crazy, and one can almost construct a reasonably fast
crypt() inversion dictionary on e.g. optical store even given the two salt
chars (at least by my calculations, which are probably totally hosed.. :-).
This would push that problem into the future again...

This probably isn't an appropriate topic for TCP/IP.  I'm moving it to
misc.security...

				Bart Massey
				..tektronix!reed.bitnet!bart