Improving password security
Wilson Heydt
whh at pbhya.PacBell.COM
Sat Nov 19 13:12:57 AEST 1988
I've been reading the discussions of how to tighten security in the
light of recent events. In particular, the remarks about weaknesses
in the existing password encryption algorithms.
I am puzzled about an omission in the solutions suggested.
As I recall from the supplementary Unix manuals--specifically the
two articles on password security--it is noted that the standard
Unix scheme uses the password as the encryption key on a standard
plaintext. Would it not be a great help in stopping brute-force
attacks to make the plain-text configurable by binary-license sites?
Then the attacker would have to either break to the plain text for
each site--difficult enough in itself, restrict itself to some
subset of the possible plaintexts, or generate an implausibly large
dictionary.
Am I off base? Merely out of date? Or has this been (or is this
being) done?
--Hal
=========================================================================
Hal Heydt | "Hafnium plus Holmium is
Analyst, Pacific*Bell | one-point-five, I think."
415-645-7708 | --Dr. Jane Robinson
{att,bellcore,sun,ames,pyramid}!pacbell!pbhya!whh
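
Added example, not part of the original post: a small audit sketch of the idea asked about above, a password used as the key over a fixed plaintext, with that plaintext made site-specific. HMAC-SHA256 stands in for the DES-based crypt(3) so it runs with the standard library alone. The constants, word list and account names are all constructed for the illustration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 replaces DES crypt(3). The structure is the one the
# post describes: the password is the key, a fixed plaintext is the message.
DEFAULT_PLAINTEXT = b"\x00" * 8              # constructed stand-in for the stock constant
SITE_PLAINTEXT = b"constructed-site-value"   # hypothetical per-site constant

WORDLIST = ["password", "wizard", "unix", "secret"]      # constructed
ACCOUNTS = {"alice": "wizard", "bob": "x7#Lq9!vTz", "carol": "wizard"}  # constructed


def hash_password(password: str, plaintext: bytes) -> str:
    """Keyed transform of the fixed plaintext, with the password as key."""
    return hmac.new(password.encode(), plaintext, hashlib.sha256).hexdigest()


def build_table(words, plaintext):
    """Precomputed hash -> word table, valid for one plaintext only."""
    return {hash_password(w, plaintext): w for w in words}


def exposed_accounts(shadow, table):
    """Audit check: accounts whose stored hash appears in a precomputed table."""
    return sorted(user for user, h in shadow.items() if h in table)


def make_shadow(plaintext):
    """Stored hashes for the sample accounts under the given plaintext."""
    return {u: hash_password(p, plaintext) for u, p in ACCOUNTS.items()}


def demo():
    stock_table = build_table(WORDLIST, DEFAULT_PLAINTEXT)
    stock = make_shadow(DEFAULT_PLAINTEXT)
    site = make_shadow(SITE_PLAINTEXT)
    return {
        # A table built once for the stock constant matches every stock system.
        "stock_vs_stock_table": exposed_accounts(stock, stock_table),
        # The same table matches nothing at a site with its own constant.
        "site_vs_stock_table": exposed_accounts(site, stock_table),
        # If the site constant becomes known, one rebuilt table matches again.
        "site_vs_site_table": exposed_accounts(
            site, build_table(WORDLIST, SITE_PLAINTEXT)),
        # Within one site, equal passwords still give equal hashes.
        "same_password_same_hash": site["alice"] == site["carol"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two results show the limits of a site-wide constant: it only helps while it stays unknown outside the site, and it does not separate users who picked the same password, which is the job of a per-user salt.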