Query on speed of crypt(3)

Daniel Ray norstar at tnl.UUCP
Sun Dec 31 16:50:39 AEST 1989


In article <3364 at rti.UUCP>, trt at rti.UUCP (Thomas Truscott) writes:
   ...
   crypt(3) uses DES which is slow in software and fast in hardware.
   And the hardware is cheap so it can be replicated.
   Using hardware to find DES keys by exhaustive search is easily
   within the budget of major governments.
   ...

I wonder what is the chance that the NSA has a complete database of all
possible /etc/passwd encrypted strings, for all 4098 salts... I'll just
bet they can look up any password, in a few microseconds!

The key to password security (assuming we stay with a crypt(3)-type
hashing scheme with shorter length passwords) seems to be having a unique
scheme for each machine. When a new UNIX system is installed, it could
use its own key (instead of always the string of nulls crypt(3) uses), then
link the login/su/passwd programs on the spot with that site's specific
configuration. This would make your crypt(3) work differently from my
crypt(3). Many more possibilities, much harder to crack outside your own
site. Same should apply to the shadow scheme. Each site uses a different
secret passwd file, a different directory and path each time. An intruder
wouldn't know where to look for the encrypted strings. That's what we do
here on TNL. Just as the proliferation of viruses is hindered by the
variation of operating environments, so can breaking a password system
be blocked by site-specific implementations.

norstar
The Northern Lights, Burlington Vermont             |      
tnl dialins: 802-865-3614 at 300-2400 bps.        ` | /    
------------------------------------------      --- * ---  
uucp: uunet!uvm-gen!tnl!norstar or                / | .    
{decvax,linus}!dartvax!uvm-gen!tnl!norstar          |      



More information about the Comp.unix.questions mailing list