[4886] in cryptography@c2.net mail archive
Re: Salt (was: ICSA certifies weak crypto as secure)
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Jun 15 10:38:27 1999
In-Reply-To: <v04011704b37d8f04322b@[24.218.56.100]>
Date: Tue, 15 Jun 1999 00:12:30 -0700
To: "Arnold G. Reinhold" <reinhold@world.std.com>,
Greg Rose <ggr@qualcomm.com>, cryptography@c2.net
From: Bill Frantz <frantz@netcom.com>

At 8:26 AM -0700 6/4/99, Arnold G. Reinhold wrote:
>At 9:18 AM +1000 6/2/99, Greg Rose wrote:
>>(IMHO the design decision that would most profitably have changed was the
>>limitation to 8 character passwords, not the salt.
>
>I agree with you here, though as Steve Bellovin pointed out, hashing hadn't
>been invented yet. Sigmund Porter first came up with the passphrase idea in
>1981 [1]. The hubris-laden decision to make the passwd file world-readable
>is another candidate for when we get that time machine working.

I also agree with Greg, long passwords are good. However, as a historical
note, Tymshare was using a one-way hash for passwords on its network and
hosts in 1972 when I started working there. Passwords could be "any"*
length and were hashed to a fixed length for storage in the password file.

* They could be any length, but you had to be able to type them within the
login timeout, which set a practical limit. One system programmer liked to
set people's initial password to the letters a-z followed by the digits
0-9. He said that everyone could remember it, and they would always ask
him how to change it.

-------------------------------------------------------------------------
Bill Frantz | The availability and use of secure encryption may |
Periwinkle | offer an opportunity to reclaim some portion of |
Consulting | the privacy we have lost. - B. FLETCHER, Circuit Judge |