mailing list archives
Re: Strength of Triple-DES
From: patrick () oes amdahl com (Patrick Horgan)
Date: Fri, 14 Apr 1995 22:17:22 +0800
I realize that the primary method of crack is guessing weak passwords,
but it also attempts to decrypt. And given the weakness of
Are you sure that crack does that? I haven't looked at any new versions
for awhile, but there was no cracking software in it before. The time
it would take even for the watered down DES variant used for UNIX passwords
is beyond the available resources of most sites.
single-DES, it isn't that hard. So anything that improves
cryptographic strength is good. Also, it reduces the harm caused by
weak passwords, and adds value to strong passwords.
It doesn't if the scheme is built into the system, and it would have to
be since there's so much on systems that want to verify your password.
Then you're back to the same problem as before. If they can get a copy
of your encrypted password they can do a dictionary attack. Triple DES
would slow them down, but that's about it.
Of course cracking passwords is a possible attack only if you're incredibly
stupid in how you administer your site. The real problem these days is
that the passwords go through many sites in the clear.
I also realize that the ideal solution would be to eliminate fixed
passwords and replace them with some sort of double-blind,
smart-client scheme. But it won't work, not as long as we're
dependent on existing clients like telnet and ftp working. I'd say
There's already a lot of telnet clients and servers now that are
negotiating secure authentication, and there'll be more all the time.
The day will come soon that people will tell their telnetd not to talk
to any clients that can't do secure authentication.
That solution's here today, written in the RFCs and available freely
on the net.
/ These opinions are mine, and not Amdahl's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Amdahl Corporation \\ Have |
| patrick () amdahl com 1250 East Arques Avenue \\ _ Sword |
| Phone : (408)992-2779 P.O. Box 3470 M/S 316 \\/ Will |
| FAX : (408)773-0833 Sunnyvale, CA 94088-3470 _/\\ Travel |
- Strength of Triple-DES Dave Stagner (Apr 13)
- <Possible follow-ups>
- Re: Strength of Triple-DES Patrick Horgan (Apr 14)