- Path: sparky!uunet!iWarp.intel.com|inews!gomez!adam
- From: adam@gomez.intel.com (Adam Margulies ~)
- Newsgroups: alt.security
- Subject: Re: passwd security check
- Message-ID: <12431@inews.intel.com>
- Date: 23 Jul 92 17:04:12 GMT
- References: <1992Jul22.190827.30077@iitmax.iit.edu> <1992Jul22.221222.6185@Princeton.EDU> <1992Jul23.092715.1@zodiac.rutgers.edu> <14mgkaINN1uq@moe.ksu.ksu.edu>
- Sender: news@inews.intel.com
- Organization: Software Technology, Intel Corp, Santa Clara, CA
- Lines: 19
-
- In article <14mgkaINN1uq@moe.ksu.ksu.edu> rjq@phys.ksu.edu (Rob Quinn) writes:
- >In <1992Jul23.092715.1@zodiac.rutgers.edu> leichter@zodiac.rutgers.edu writes:
- >]One thing it's important to remember is that there are many passwords that
- >]hash to the same value. Even if you and I have the same salt and the same
- >]hash value, it doesn't mean we chose the same password - though it DOES mean
- >]that either of our passwords will work on either account.
- >
- > Can you provide an example? Or is there some mathematical proof? This question
- >has come up a lot before, and there have been answers on both sides, but no
- >proof either way that I have seen.
-
- DES has a theoretical weakness in that for any key there are exactly 7 other keys that will
- crypt to the same string. I.e. if your password is "batman!" there exist seven other keys which
- are not "batman!" that will allow access to your account. Fortunately they are almost certainly
- extremely strange strings like "@gW #s(u", and not likely to match a human-generated password.
-
- Another interesting thing about DES is that there are 8 keys that crypt to a string of
- all spaces and there are even keys that when encrypted reproduce themselves in the
- crypted output. Weird.
-