I'm with der Mouse on this... the current state of crypt() and password hashing in unix is inexcusable. The basic crack attack on unix-based systems is to steal the passwd file and run crack, which should net a password or two (at least) within an hour. The "solution" so far is shadowed passwd files, at best a kludge. It just changes the game so a root-level process has to be convinced to cat the shadowed passwd file somewhere... not a particularly difficult proposition, judging from the healthy activity on this mailing list. The *good* solution would be some sort of public key or other double-blind authentication scheme which doesn't pass cleartext passwords over the net at login time, is cryptographically strong, and allows passwords of arbitrary length. The current scheme is none of these. The obvious first sacrifice is public key/blind authentication, because it would constitute a serious change and complication to the current scheme. The second sacrifice might be arbitrary-length passwords, on the (probably irrelevant) belief that some programs might not deal well with long passwords in the passwd file. So what we're left with is replacing crypt() with something decently strong. How about triple DES? At this point in the game, triple DES seems as strong as anything available, and certainly far stronger than the existing scheme. It also would not change the length of the passwords on file or the basic authentication mechanism. Of course, this still doesn't solve the problem of weak passwords (which is still a basic attack mechanism for crack), but it would make minimum-password schemes much more effective, and increase the value of good passwords substantially. Someone tell me if I'm completely off-base here. -- * David Faron Stagner * National Computer Systems david_stagner@ic.ncs.com * 2510 N Dodge St vox 319 354 9200 ext 6884 * Iowa City, IA 52244 fax 319 339 6555 I disclaim my employer and I'm sure they'd disclaim me too. (This .sig has been sanitized for your protection)