60-second timeout in Unix login
Doug Gwyn
gwyn at brl-smoke.ARPA
Wed Feb 24 08:03:56 AEST 1988
In article <259 at aiva.ed.ac.uk> richard at uk.ac.ed.aiva (Richard Tobin) writes:
>Of course, comparing two encrypted passwords for equality is trickier,
>as the "salt" may be different.
That was my whole point. With something like 4K salts, you would have to
keep a LOT of encrypted previous-password data around.
>BTW, does knowing two different encryptions of a password (i.e. encrypted
>with different salts) make decrypting easier?
In theory, yes, but in practice decryption of such short samples of DES-
encrypted data by analysis is generally considered too difficult. Thus
the emphasis on "practical cryptanalysis", such as is done by the program
that was posted to sci.crypt recently.
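
The salt problem discussed in this exchange, as an added example that is not part of the original posts: two entries for the same password do not compare equal when their salts differ. Assumptions: `toy_crypt` is a hypothetical stand-in for crypt(3) built on PBKDF2-HMAC-SHA256 with a 12-bit salt (not the DES-based algorithm), and all function names and sample passwords are constructed.

```python
import hashlib
import hmac
import secrets

SALT_SPACE = 4096  # 12-bit salt: the "4K salts" figure from the post


def toy_crypt(password: str, salt: int) -> str:
    """Hypothetical stand-in for crypt(3); returns 'salt$digest'."""
    if not 0 <= salt < SALT_SPACE:
        raise ValueError("salt out of range")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.to_bytes(2, "big"), 1000
    )
    return f"{salt:03x}${digest.hex()}"


def new_entry(password: str) -> str:
    """Create a stored entry with a randomly chosen salt."""
    return toy_crypt(password, secrets.randbelow(SALT_SPACE))


def naive_reused(new_hash: str, history: list[str]) -> bool:
    """Hash-to-hash comparison: misses reuse whenever the salts differ."""
    return any(hmac.compare_digest(new_hash, old) for old in history)


def reused(candidate: str, history: list[str]) -> bool:
    """Re-hash the plaintext candidate under each stored entry's salt."""
    for old in history:
        salt = int(old.split("$", 1)[0], 16)
        if hmac.compare_digest(toy_crypt(candidate, salt), old):
            return True
    return False


def precomputed_entries(history_depth: int) -> int:
    """Entries needed to compare hash-to-hash without the plaintext."""
    return history_depth * SALT_SPACE


if __name__ == "__main__":
    # Constructed sample history with fixed salts for a repeatable run.
    history = [toy_crypt("hunter2", 0x0A1), toy_crypt("tr0ub4dor", 0x7FF)]
    print(naive_reused(toy_crypt("hunter2", 0x3C4), history))
    print(reused("hunter2", history))
    print(precomputed_entries(len(history)))
```
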