Password security - Another idea

tim at scsmo1.UUCP tim at scsmo1.UUCP
Sat Dec 31 14:05:00 AEST 1988


One thing to keep in mind is that a valid password may not be the same one
the user set.  For example the passwords iopwwe and wer4543 may encrypt to
the same string.  This is because the DES method is nonreversible,  you
can find a valid password but you can't be sure it is the correct one.

If you generate a 56 bit key from a phrase, all that happens is that
you generate more strings that will work.  I think that the number of strings

I like the idea of a 6+ char password with a non-alpha character in it; it works
better as there are about 6.63e15 combinations with about 2.2e14 that most
users might pick.  The string approach has more combinations 7.1e139 but 
most people have a <20k word vocabulary, will use a common phrase, and 2^56
is 7.2e16.  I would guess that the number of real strings to search is around
100,000.

The other drawback is that the string is easy to watch someone type.

						tim hogard
						tim at scsmo1.uucp
						Soil Conservation Service USDA


