Path: utzoo!attcan!uunet!lll-winken!ames!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn )
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Message-ID: <9328@smoke.BRL.MIL>
Date: 10 Jan 89 18:39:46 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <4537@xenna.Encore.COM> <4547@xenna.Encore.COM> <2338@cuuxb.ATT.COM> <4612@xenna.Encore.COM> <2362@cuuxb.ATT.COM>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 12

In article <2362@cuuxb.ATT.COM> dlm@cuuxb.UUCP (Dennis L. Mumaugh) writes:
>The password encryption alogithm needs strenghtening!  RSA or DES
>or any other encryption scheme will work if the key space is
>expanded much more.

That's too generous -- the cryptosystem must also be inherently "strong".
Certainly if the key space is small enough, exhaustive search is possible,
but the converse is not necessarily true!

In reality, crackers are as unlikely to cryptanalyze the password
encryption system as burglars are to pick your lock.  They will use
force instead.