mailing list archives
Re: passwd hashing algorithm
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Fri, 14 Apr 1995 07:00:54 -0400
So what we're left with is replacing crypt() with something decently
strong. How about triple DES?
[This] also would not change the length of the passwords on file or
the basic authentication mechanism.
My take on this is that encryption is NOT the way to go. This would
mean that there exists a key that could decrypt the entire password
file. On this count triple DES is no better than regular DES.
You seem to misunderstand the current scheme. The scheme is _not_
simply hash = DES crypt of typed password with some key. Rather, it is
more like hash = DES crypt of constant with typed password as key[%].
Using triple DES here would help because (a) it's harder to crack in
the sense of recovering the key from a (plain,cipher) pair and (b) the
keys are three times as wide (only twice in some variants), which means
less information loss when converting a typed password to a key.
[%] Even this is not quite accurate. The crypt is not DES but rather a
slightly perturbed DES, and it's iterated many times.
It's also non-exportable, same as the current scheme, which IMO removes
it completely from serious consideration.
From my understanding the MD5 would work well.
It does work well. One of the patches in my set of patches is one to
make libcrypt use an MD5-based algorithm for password hashing. It's
currently relative to 1.0; once I get "my" machine converted to
-current, I'll port the patches to that and send-pr the result.
(Results, actually, since the patches I have affect more than just
mouse () collatz mcrcim mcgill edu