Re: passwd hashing algorithm

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Kim Whi-kang: "I wanna get a mailing list..."
• Previous message: Dennis Glatting: "Obtaining NIS domainname from Gatorbox"
• Maybe in reply to: Dave Stagner: "passwd hashing algorithm"
• Next in thread: Dennis Glatting: "Re: passwd hashing algorithm"

> The point is, however, that DES isn't used in crypt(3) as a cipher but
> as a weird hash function over an eight byte value, the password, and

Strengthening the password encryption algorithm strikes me as putting a
tighter lock on the door when the window is standing wide open... if
someone really wants to break into your machine, they can put a sniffer 
on your network, and it won't matter how good your encryption algorithm 
is.  Admittedly it's a little harder to get a sniffer running on a
network than crack, but even so, reusable passwords are doomed...

...Robert

• Next message: Kim Whi-kang: "I wanna get a mailing list..."
• Previous message: Dennis Glatting: "Obtaining NIS domainname from Gatorbox"
• Maybe in reply to: Dave Stagner: "passwd hashing algorithm"
• Next in thread: Dennis Glatting: "Re: passwd hashing algorithm"