> My replies have always been in the context of what Shadow does for long
> passwords. Yes, there has been some confusion in this thread. I was, uh,
> quite shocked to see what David Wagner was really talking about because
> it is pretty obvious that it has security problems. Essentially, it
> removes the 1:1 cleartext to ciphertext relationship that some of us feel
> crypt() has. I don't know what the new relationship is, but it's probably
> GodAwfulLarge to 1. Once you assume that there are GodAwfulMany passwords
> which yield the same result, the 2^56 brute force attack is much easier.

The posted data just shows that two strings with differing salts can hash to the same value (without the salt). This doesn't buy you anything since the salt is used in the compare when doing authentication. The post did not show that two passwords can hash to the same value while using the same salt (and it doesn't show that it can't either).

Your second statement (...but it's probably ...) seems to be based on nothing but pessimism.

> John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
> Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh@rpp386.cactus.org

Tim N.