Home page logo

bugtraq logo Bugtraq mailing list archives

Re: passwd hashing algorithm
From: smb () research att com (smb () research att com)
Date: Fri, 14 Apr 95 08:33:16 EDT

         My take on this is that encryption is NOT the way to go.
         This would mean that there exists a key that could decrypt the
         entire password file.  On this count triple DES is no better
         than regular DES.  From my understanding the MD5 would work
         well.  It is non-reversible.

In the current scheme, DES is used as a one-way function; the password
file is non-invertible.  See the Morris and Thompson paper.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]