Xref: utzoo comp.unix.wizards:13806 news.admin:4437
Path: utzoo!attcan!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cwjcc!hal!nic.MR.NET!csd4.milw.wisc.edu!uwmcsd1!marque!uunet!mcvax!hp4nl!ruuinf!piet
From: piet@ruuinf (Piet van Oostrum)
Newsgroups: comp.unix.wizards,news.admin
Subject: Re: Password security - Another idea
Message-ID: <946@ruuinf.UUCP>
Date: 2 Jan 89 15:49:31 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <2271@pompeii.cs.swarthmore.edu> <230@ibd.BRL.MIL>
Sender: piet@ruuinf.UUCP
Reply-To: piet@ruuinf (Piet van Oostrum)
Organization: Dept of Computer Science, University of Utrecht, Holland
Lines: 49

In article <230@ibd.BRL.MIL>, heilpern@ibd (Mark A. Heilpern ) writes:
`If the 2-letter key used in encryption were not known, this boosts the 80 hour
`upper end to ~37 years. (80 hours * 4096 methods of encryption)

In article <1988Dec26.151208.19016@ziebmef.uucp>, mdf@ziebmef (Matthew Francey) writes:
`In article <12750@bellcore.bellcore.com>, karn@ka9q.bellcore.com (Phil Karn) writes:
`		      A 56-bit search space is well beyond the brute-force
`> abilities of most crackers (though perhaps not the NSA) **IF** the keys are
`> widely and evenly distributed within it.
`
`  A possible solution is to have each site pick its own secret encryption
`method (for example, start with a non-zero block).  Could it remain secret
`for a long long time (years... it would be a major pain changing it)?
`Probably not, since anyone could disassemble passwd...

In article <13022@bellcore.bellcore.com>, karn@ka9q (Phil Karn) writes:

`     The point is that to be maximally effective, the UNIX password
`algorithm should be given keys with 56 bits of entropy. That is, the
`distribution of actual user keys should be uniformly distributed over
`all 2^56 possible values.

In article <614@rufus.math.nwu.edu>, john@rufus (John Franks  Dept. of Math.  Northwestern Univ.) writes:
`
`Question: Why are we limited to 56 bits?  Surely  not  for  effi-
`ciency  or to save space.  This is an instance where we *want* to
`be slow.  I've heard that NSA lobbied for smallish keys  in  com-
`mercial  DES  rather than larger ones (the implication being they
`wanted a  size they  could handle easily).  Does  anybody know if 
`there is any truth to this?
`
Actually, it wouldn't be difficult to get a search space of more than 2^56:

First, force the user to use long passwords, from a reasonable set of
characters (like a minimum percentage from each of [a-z],[A-Z],[0-9] and
[!"$%^&*()_+{}<>?:@]).

Now the input to the encryption algorithm consists of:
	12 bits 'salt'
	56 bits DES-key
	64 bits constant to be encrypted.

that makes a total of 132 bits. If you take each of the above 3
parts from various bits of the password, then we could accommodate 19
character passwords.
-- 
Piet van Oostrum, Dept of Computer Science, University of Utrecht
Padualaan 14, P.O. Box 80.089, 3508 TB Utrecht, The Netherlands
Telephone: +31-30-531806        UUCP: ...!mcvax!hp4nl!ruuinf!piet