> > > SecureWare uses a mechanism similar to this and it is part of one of
> > > their security offerings. I've used a slightly different, but similar,
> > > approach for several years
> > We do not. See below.

I think the confusion lies in "similar". Otherwise, I stand by my remarks,
source code samples from you notwithstanding.

> This is most certainly NOT SecureWare's password implementation, although
> I can understand why there might be some confusion. SecureWare has modified
> the behavior of password hashing not to increase the strength of the
> underlying crypt(), but to increase the size of the possible password space
> and the resulting hash value. The algorithm breaks a password into
> crypt-sized blocks, running crypt() across each block. The salt for each
> block is derived from the ciphertext of the previous block to provide
> linkage between the individual blocks. The resulting hash is the
> concatenation of the various ciphertext blocks, prefixed with the initial
> salt.

Yes. You use crypt() once for each block of 8 characters. This is what was
described. 25 rounds of DES (one crypt()) with the first crypt()-sized block
followed by 25 rounds of DES (one crypt()) with the second crypt()-sized
block. As I understand the algorithm, the salt is the last 2 ciphertext
characters of the previous encrypted result.

> This strong mechanism, combined with shadow password files and configurable
> password controls (random pronounceable password generator, password aging,
> minimum allowable lengths, attack detection and account lockout, etc...)
> allow a system security officer to be as paranoid as they choose -- e.g.,
> passwords can be configured to look like standard Unix, they can be
> configured to be 128 byte random passwords, or they can be configured
> somewhere in between. As an example, my password is between 8 and 16 bytes
> long. Its entry in the shadow password database looks like:
>
> watt:u_name=watt:u_id#124:\
> :u_pwd=8F0Ovkj7jA9jE.ofsJ4MaIt6:\

Meaning that your password was created when crypt() returned "8F0Ovkj7jA9jE"
then "jE.ofsJ4MaIt6". If the guy with the crypt() attack was serious, he
should be able to generate a pair of keys which will produce your encrypted
password.
--
John F. Haugh II [ NRA-ILA ] [ Kill Barney ]
!'s: ...!cs.utexas.edu!rpp386!jfh Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ]
@'s: jfh@rpp386.cactus.org
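The block-chained hashing the quoted description lays out, as an added example (not SecureWare's code and not the poster's): it chains a crypt()-shaped function over 8-character blocks, linking each block's salt to the previous ciphertext, and then splits a stored hash back into its per-block crypt() results. Real DES crypt(3) is replaced by a constructed stand-in (`stand_in_crypt`, an assumption so the linkage logic runs offline); `chained_hash` and `split_blocks` are hypothetical names.

```python
import hashlib
import string
from typing import Callable

# crypt(3) output alphabet: "./0-9A-Za-z" (64 symbols)
CRYPT_ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
BLOCK = 8  # classic DES crypt() uses at most the first 8 password characters


def stand_in_crypt(key: str, salt: str) -> str:
    """Constructed stand-in with crypt(3)'s shape: 2-char salt + 11 chars.
    It is NOT DES crypt; it only lets the chaining logic run without libcrypt."""
    digest = hashlib.sha256((salt + key).encode()).digest()
    body = "".join(CRYPT_ALPHABET[b % 64] for b in digest[:11])
    return salt + body


def chained_hash(password: str, initial_salt: str,
                 crypt_fn: Callable[[str, str], str]) -> str:
    """Hash block by block as the quoted description states: each 8-char block
    is crypt()ed, the next block's salt is the last two ciphertext characters
    of the previous block, and the stored value is the initial salt followed
    by every block's 11-char ciphertext body."""
    blocks = [password[i:i + BLOCK] for i in range(0, len(password), BLOCK)] or [""]
    salt, out = initial_salt, initial_salt
    for block in blocks:
        ct = crypt_fn(block, salt)
        out += ct[2:]       # drop the salt, which is already implied by the chain
        salt = ct[-2:]      # linkage: next salt comes from this ciphertext
    return out


def split_blocks(hashed: str) -> list[tuple[str, str]]:
    """Recover the (salt, full 13-char crypt() result) pair for each block.
    Each pair is an independent crypt() of at most 8 password characters."""
    pairs = []
    salt, pos = hashed[:2], 2
    while pos < len(hashed):
        ct = salt + hashed[pos:pos + 11]
        pairs.append((salt, ct))
        salt, pos = ct[-2:], pos + 11
    return pairs
```

Run over the quoted u_pwd entry, `split_blocks` yields exactly the two 13-character crypt() results the reply names, each an independent crypt() of at most 8 characters, which is why the chaining enlarges the password space rather than strengthening any single block.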