[1488] in bugtraq
Re: passwd hashing algorithm
daemon@ATHENA.MIT.EDU (maquis)
Sat Apr 15 12:22:23 1995
Date: Fri, 14 Apr 1995 07:18:49 -0700 (PDT)
From: maquis <maquis@netcom.com>
To: Louis Taber <LTABER@pimacc.pima.edu>
Cc: stagda@sys1.ic.ncs.com, bugtraq@fc.net
In-Reply-To: <01HPAETYAYZU9ZP6KW@pimacc.pima.edu>
On 13 Apr 1995, Louis Taber wrote:
> >* David Faron Stagner (stagda@sys1.ic.ncs.com) writes
>
> >I'm with der Mouse on this... the current state of crypt() and
> >password hashing in unix is inexcusable.
> ..... stuff removed
Agreed. Personally, I am wondering when Unix will get overhauled so that
these recurring holes (sendmail, crypt<>, etc) will be brought to a
higher level of perfection. Regarding crypt() I would think a one-way
mechanism is the answer, versus having keys that are left around the system.
rf
