[1489] in bugtraq
Re: passwd hashing algorithm
daemon@ATHENA.MIT.EDU (smb@research.att.com)
Sat Apr 15 15:12:37 1995
From: smb@research.att.com
To: Louis Taber <LTABER@pimacc.pima.edu>
Cc: stagda@sys1.ic.ncs.com, bugtraq@fc.net
Date: Fri, 14 Apr 95 08:33:16 EDT
My take on this is that encryption is NOT the way to go.
This would mean that there exists a key that could decrypt the
entire password file. On this count triple DES is no better
than regular DES. From my understanding the MD5 would work
well. It is non-reversible.
In the current scheme, DES is used as a one-way function; the password
file is non-invertible. See the Morris and Thompson paper.
