Re: passwd hashing algorithm

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: der Mouse: "Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)"
• Previous message: Adam Shostack: "Re: passwd hashing algorithm"
• Maybe in reply to: Dave Stagner: "passwd hashing algorithm"
• Next in thread: smb@research.att.com: "Re: passwd hashing algorithm"

	 My take on this is that encryption is NOT the way to go.
	 This would mean that there exists a key that could decrypt the
	 entire password file.  On this count triple DES is no better
	 than regular DES.  From my understanding the MD5 would work
	 well.  It is non-reversible.

In the current scheme, DES is used as a one-way function; the password
file is non-invertible.  See the Morris and Thompson paper.

• Next message: der Mouse: "Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)"
• Previous message: Adam Shostack: "Re: passwd hashing algorithm"
• Maybe in reply to: Dave Stagner: "passwd hashing algorithm"
• Next in thread: smb@research.att.com: "Re: passwd hashing algorithm"