>* David Faron Stagner (stagda@sys1.ic.ncs.com) writes
>I'm with der Mouse on this... the current state of crypt() and
>password hashing in unix is inexcusable.

..... stuff removed

>
>So what we're left with is replacing crypt() with something decently
>strong. How about triple DES? At this point in the game, triple DES
>seems as strong as anything available, and certainly far stronger than
>the existing scheme. It also would not change the length of the
>passwords on file or the basic authentication mechanism. Of course,
>this still doesn't solve the problem of weak passwords (which is still
>a basic attack mechanism for crack), but it would make
>minimum-password schemes much more effective, and increase the value
>of good passwords substantially.
>
>Someone tell me if I'm completely off-base here.
>--
>* David Faron Stagner
>* National Computer Systems   david_stagner@ic.ncs.com
>* 2510 N Dodge St             vox 319 354 9200 ext 6884
>* Iowa City, IA 52244         fax 319 339 6555

My take on this is that encryption is NOT the way to go. This would mean
that there exists a key that could decrypt the entire password file. On
this count triple DES is no better than regular DES.

From my understanding the MD5 would work well. It is non-reversible.

Louis

Louis Taber ltaber@pima.edu
Pima Community College, Computer Science, 2202 W. Anklam Rd, Tucson, AZ 85709
(520) 884-6039 Secretary / (520) 884-6850 Office direct