[9934] in bugtraq
Re: Digital Unix 4 protected password database.
daemon@ATHENA.MIT.EDU (Alec Muffett)
Tue Mar 16 16:48:36 1999
Date: Mon, 15 Mar 1999 11:27:00 +0000
Reply-To: Alec Muffett <Alec.Muffett@UK.SUN.COM>
From: Alec Muffett <Alec.Muffett@UK.SUN.COM>
X-To: Nate Lawson <nate@root.org>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 12 Mar 1999 17:34:27 PST."
<Pine.BSF.3.96.990312135933.4921A-100000@root.org>
[making up to 16 char passwords by overlapping 8-char strings]
>>The alternate scheme you mention (in the part I cut) of encrypting the
>>first 8 characters and the last 8 seems to me to result in a 16 char
>>keyspace. Clever.
>
>Unfortunately, it doesn't perform strong mixing and thus does not produce
>a result as strong as its 16 character length implies.
From the crypto-purist point of view, I certainly would not argue with that;
part of the reason I came up with that algorithm was to try and support minimal
effort backwards compatibility on an ancient networked system, where I could
poke the standard:
if (!strcmp(crypt(plaintext, ciphertext), ciphertext)) {
...mantra, into:
if (!strncmp(crypt(plaintext, ciphertext), ciphertext, 13)) {
...for the small number of systems which could not be seriously overhauled to
use a decent crypt() replacement, for lack of source code; the first 13 chars
of the ciphertext in the modified algorithm are equivalent to a traditional
crypt, and in this limited circumstance it was useful to exploit that feature.
Of course, backwards compatibility is a ***BAD*** thing in authentication
(ref: WinNT) - nonetheless, I consider it a neat toy hack, whose strength is
dependent upon the effectiveness of the DES mixing in crypt, and to practical
limitations it is pretty good.
>As you can see, the only proper way of increasing the effective length of
>a password is to use a cryptographic hash algorithm or implement a scheme
>of thorough plaintext mixing. Look into the efforts of expanding DES for
>good examples of how to mix plaintext properly.
Quite. In these days of ubiquitous access to MD5 and SHA-1 algorithms, it
would be insane to use anything less.
- alec
--
alec muffett, sun professional services, alec.muffett @ uk.sun.com
#4 - goading fierce man
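
Added example, not code from the original post: a C sketch of the two properties discussed in this thread, the 13-character prefix that a strncmp-based check can still verify and the lack of mixing between the two 8-character segments. `toy_crypt` is a non-cryptographic stand-in for crypt(3) so the block builds without libcrypt; the 24-character layout, the shared salt and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Stand-in for crypt(3), NOT DES (assumption): like traditional crypt it reads
   only the first 8 key chars and returns 2 salt chars + 11 hash chars. */
static const char *toy_crypt(const char *key, const char *salt)
{
    static char out[14];
    static const char a64[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    unsigned long long h = 1469598103934665603ULL;   /* FNV-1a 64-bit basis */
    h = (h ^ (unsigned char)salt[0]) * 1099511628211ULL;
    h = (h ^ (unsigned char)salt[1]) * 1099511628211ULL;
    for (int i = 0; i < 8 && key[i]; i++)
        h = (h ^ (unsigned char)key[i]) * 1099511628211ULL;
    out[0] = salt[0]; out[1] = salt[1];
    for (int i = 0; i < 11; i++, h >>= 6)            /* 64 bits -> 11 chars */
        out[2 + i] = a64[h & 63];
    out[13] = '\0';
    return out;
}
/* Assumed layout: crypt(first 8 chars) followed by the 11 hash chars of
   crypt(last 8 chars), same salt; out must hold 25 bytes. */
static void overlap_crypt(const char *pw, const char *salt, char *out)
{
    size_t n = strlen(pw);
    strcpy(out, toy_crypt(pw, salt));
    strcat(out, toy_crypt(n > 8 ? pw + n - 8 : pw, salt) + 2);
}
/* Host that cannot be overhauled: compares only the first 13 chars. */
static int legacy_ok(const char *pw, const char *stored)
{ return !strncmp(toy_crypt(pw, stored), stored, 13); }
/* Upgraded host: both segments must match. */
static int full_ok(const char *pw, const char *stored)
{
    char buf[25];
    overlap_crypt(pw, stored, buf);
    return !strcmp(buf, stored);
}
/* A guess at the tail is confirmable alone: the segments are never mixed. */
static int tail_ok(const char *tail8, const char *stored)
{ return !strcmp(toy_crypt(tail8, stored) + 2, stored + 13); }
int main(void)
{
    char s[25];
    overlap_crypt("correcthorsebatt", "ab", s);      /* constructed sample */
    printf("%s legacy=%d full=%d tail=%d\n", s, legacy_ok("correcthXXXXXXXX", s),
           full_ok("correcthXXXXXXXX", s), tail_ok("orsebatt", s));
    return 0;
}
```

A password that shares only its first 8 characters passes the 13-character check but fails the full one, and the tail segment verifies without any knowledge of the head, which is why the result is weaker than a hash computed over all 16 characters at once.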