Re: passwd hashing algorithm

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: David A. Wagner: "Re: passwd hashing algorithm"
• Previous message: Marc Samama: "chroot'ed environment?"
• In reply to: David A. Wagner: "Re: passwd hashing algorithm"
• Next in thread: David A. Wagner: "Re: passwd hashing algorithm"

> 1. 25 iterations of DES with the first 8 bytes of the
>    password as key, followed by 25 iterations of DES
>    with the second 8 bytes of password as key.
> 
> 2. repeat 25 times:
>      an iteration of DES with the first 8 bytes of the
>      password as key, followed by an iteration of DES
>      with the second 8 bytes of password as key.
> 
> (1) can be broken on a workstation with ~ 2^32 steps (and
> very little in the way of memory);

I've never seen anything resembling a convincing argument for this point.
SecureWare uses a mechanism similar to this and it is part of one of
their security offerings.  I've used a slightly different, but similar,
approach for several years and except for people noting that the second
half of the encrypted string is very vulnerable, no one has ever shown
it to be significantly less strong than a single route of 8 byte crypt()
ala current practice.

What I will concede is that 1) leaves you with a password function not
much more than twice as strong as crypt() was to begin with.  This is
because, as you point out, DES is a block cipher.  I do believe that
there are better approaches to 1) that still use DES, and I'm very keen
on sticking with crypt() for compatibility reasons.
-- 
John F. Haugh II  [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ]   @'s: jfh@rpp386.cactus.org

• Next message: David A. Wagner: "Re: passwd hashing algorithm"
• Previous message: Marc Samama: "chroot'ed environment?"
• In reply to: David A. Wagner: "Re: passwd hashing algorithm"
• Next in thread: David A. Wagner: "Re: passwd hashing algorithm"