Xref: utzoo comp.unix.wizards:13820 news.admin:4439
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!killer!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (The Beach Bum)
Newsgroups: comp.unix.wizards,news.admin
Subject: Re: Password security - Another idea
Summary: Nope, still only 56 bits ...
Message-ID: <10629@rpp386.Dallas.TX.US>
Date: 3 Jan 89 05:10:23 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <2271@pompeii.cs.swarthmore.edu> <230@ibd.BRL.MIL> <946@ruuinf.UUCP>
Reply-To: jfh@rpp386.Dallas.TX.US (The Beach Bum)
Organization: Big "D" Home for Wayward Hackers
Lines: 31

In article <946@ruuinf.UUCP> piet@ruuinf (Piet van Oostrum) writes:

[ nice, long description ... ]

>Now the input to the encryption algorithm consists of:
>	12 bits 'salt'
>	56 bits DES-key
>	64 bits constant to be encrypted.
>
>that makes a total of 132 bits. If you take each of the above 3
>parts from various bits of the password, then we could accommodate 19
>character passwords.

No - you are still only storing 56 bits of password data. What you
are doing is providing a multi-way encryption algorithm, you are not
expanding the key space. Since there are only 2^56 possible outputs,
and 2^132 inputs, some of them must map onto other encrypted
passwords - a multi-way encryption.

This reminds me - old VAX/VMS used CRC16 to encrypt their passwords.
Which is about as multi-way as it gets ... This would mean, if
correct, that only 65,536 different passwords would have to be
generated to break the system. The successful cracker pre-encrypts
several times this many passwords using the CRC16 instruction to
generate a complete dictionary of all possible output values.
-- 
John F. Haugh II                        +-Quote of the Week:-------------------
VoiceNet: (214) 250-3311   Data: -6272  |"Anything on the road which can be
InterNet: jfh@rpp386.Dallas.TX.US       | hit, will be ..."
UucpNet : !killer!rpp386!jfh            +--------------------------------------
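
Added example, not part of the original post: a Python sketch of the many-to-one argument above, showing that a 16-bit stored value cannot tell apart more than 65,536 inputs however long the password is. The CRC-16/ARC parameters and the constructed 5-digit inputs are assumptions made for illustration; the post does not say which CRC16 variant was involved.

```python
import itertools

def crc16(data: bytes, poly: int = 0xA001) -> int:
    """Bitwise CRC-16/ARC (reflected poly 0x8005, init 0). Assumed variant."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
    return crc

def constructed_candidates(length: int = 5, alphabet: str = "0123456789"):
    """Constructed sample inputs: every fixed-length string over the alphabet."""
    for chars in itertools.product(alphabet, repeat=length):
        yield "".join(chars).encode("ascii")

def bucket_by_output(candidates):
    """Group inputs by the 16-bit value that would be stored for them."""
    buckets = {}
    for cand in candidates:
        buckets.setdefault(crc16(cand), []).append(cand)
    return buckets

def summarize(buckets):
    """Count how much of the input space collapses onto shared outputs."""
    total = sum(len(members) for members in buckets.values())
    return {
        "inputs": total,
        "distinct_outputs": len(buckets),  # can never exceed 2**16
        "inputs_sharing_an_output": total - len(buckets),
        "largest_bucket": max(len(m) for m in buckets.values()),
    }

def interchangeable_pair(buckets):
    """Return two different inputs that the stored value cannot tell apart."""
    for members in buckets.values():
        if len(members) > 1:
            return members[0], members[1]
    return None

if __name__ == "__main__":
    buckets = bucket_by_output(constructed_candidates())
    print(summarize(buckets))
    print(interchangeable_pair(buckets))
```

The same counting applies to the 132-bit scheme in the quoted text: strength is bounded by the smaller of the input space and the output space, so widening only the input adds nothing.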