Xref: utzoo sci.crypt:1392 comp.unix.wizards:13523 news.sysadmin:1956
Path: utzoo!utgpu!watmath!clyde!att!cuuxb!dlm
From: dlm@cuuxb.ATT.COM (Dennis L. Mumaugh)
Newsgroups: sci.crypt,comp.unix.wizards,news.sysadmin
Subject: Yet Another useful paper
Summary: password cracking is faster now
Keywords: DES UNIX passwords
Message-ID: <2308@cuuxb.ATT.COM>
Date: 16 Dec 88 22:07:42 GMT
References: <11013@ulysses.homer.nj.att.com>
Reply-To: dlm@cuuxb.UUCP (Dennis L. Mumaugh)
Organization: ATT Data Systems Group, Lisle, Ill.
Lines: 31

The latest copy of the USENIX Journal has an article worth reading:

%A Matt Bishop
%T An Application of a Fast Data Encryption Standard Implementation
%J Computing Systems
%I The USENIX Association
%V 1
%N 3
%P 221-254
%D Summer 1988
%O The University of California Press
%X The Data Encryption Standard is used as a basis for the UNIX
password encryption scheme.  Some of the security of that scheme
depends on the speed of the implementation.   This paper presents a
mathematical formulation of a fast implementation of the DES in
software, discusses how the mathematics can be translated into code,
and then analyzes the UNIX password scheme to show how these results
can be used to implement it.  Experimental results are provided for
several computers to show that the given method speeds up computation
of a password by roughly 20 times (depending on the specific
computer).

This paper shows how to improve the speed of DES and can also show how
to improve breaking DES.

As far as UNIX passwords, it further justifies the use of a shadow
password file and the use of 64 character pass phrases.

-- 
=Dennis L. Mumaugh
 Lisle, IL       ...!{att,lll-crg}!cuuxb!dlm  OR cuuxb!dlm@arpa.att.com