Xref: utzoo sci.crypt:1428 comp.unix.wizards:13714 news.sysadmin:2005
Path: utzoo!attcan!lsuc!ncrcan!ziebmef!mdf
From: mdf@ziebmef.uucp (Matthew Francey)
Newsgroups: sci.crypt,comp.unix.wizards,news.sysadmin
Subject: Re: Yet Another useful paper
Message-ID: <1988Dec26.151208.19016@ziebmef.uucp>
Date: 26 Dec 88 20:12:07 GMT
References: <11013@ulysses.homer.nj.att.com> <2308@cuuxb.ATT.COM> <12750@bellcore.bellcore.com>
Organization: Ziebmef Public Access Unix, Toronto, Canada
Lines: 19

In article <12750@bellcore.bellcore.com>, karn@ka9q.bellcore.com (Phil Karn) writes:
>                          I'd also like to see a standard "key crunching"
> algorithm for transforming a password (or phrase) longer than 8 characters
> into a 56-bit DES key. Such a standard would be useful for encryption
> programs as well.  A 56-bit search space is well beyond the brute-force
> abilities of most crackers (though perhaps not the NSA) **IF** the keys are
> widely and evenly distributed within it.

  But what will this accomplish is the password file is readable and the
encrpytion method (key crunching and all) public?  The cracker would simply
crunch her dictionary, and continue as before.

  A possible solution is to have each site pick its own secret encryption
method (for example, start with a non-zero block).  Could it remain secret
for a long long time (years... it would be a major pain changing it)?
Probably not, since anyone could disassemble passwd...
--
Name: Matthew Francey			 Address: N43o34'13.5" W79o34'33.3" 86m
mdf@ziebmef.UUCP		  uunet!utgpu!{ontmoh!moore,ncrcan}!ziebmef!mdf