home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!wupost!waikato.ac.nz!aukuni.ac.nz!cs18.cs.aukuni.ac.nz!pgut1
- Newsgroups: comp.lang.c
- Subject: Re: Password encryption?
- Message-ID: <1992Sep4.073201.28500@cs.aukuni.ac.nz>
- From: pgut1@cs.aukuni.ac.nz (Peter Gutmann)
- Date: Fri, 4 Sep 1992 07:32:01 GMT
- Sender: pgut1@cs.aukuni.ac.nz (PeterClaus Gutmann )
- References: <julian.715516516@sun-1> <18574tINNoh@darkstar.UCSC.EDU>
- Organization: Computer Science Dept. University of Auckland
- Keywords: password, encryption
- Lines: 36
-
- In <18574tINNoh@darkstar.UCSC.EDU> noesis@ucscb.UCSC.EDU (95016000) writes:
-
- >In article <julian.715516516@sun-1> julian@sun-1.cs.uct.ac.za (Julian Hansen) writes:
- >>Hi world,
- >>
- >>I need to do some password encryption and maybe data encryption to. Anyone
- >>out there like to help me. Some code would be nice and maybe a few pointers
- >>on what not to do (and what to do). Any help would be most appreciated.
- >>
- >here's what i use with some success:
-
- >long encrypt(char *s)
- >{
- > long result=1;
- > char *ptr;
-
- > srand(0x1234);
- > for (ptr=s; *ptr; ptr++)
- > result+=(*ptr)*rand();
- > return result;
- >}
-
- Don't rely on this for security. What you're doing is xor-ing your data
- stream with a LCRNG (linear congruential random number generator). These are
- quite easy to break, for example the paper "How to Predict Congruential
- Generators" presented at Crypto '89 gives much information on this (plus a lot
- of references to other papers). This approach is enough to keep the plebs
- out, but won't withstand any real attack. If you want to perform password
- encryption you really should use a one-way hash function such as MD5, Snefru,
- or the NIST SHA (by an amazing coincidence :-) I posted SHA source code to
- sci.crypt about 15 minutes ago, you could grab that and use it).
-
- Peter.
- --
- pgut1@cs.aukuni.ac.nz || peterg@kcbbs.gen.nz || peter@nacjack.gen.nz
- (Email is currently not terribly reliable)
-
