mailing list archives
Re: passwd hashing algorithm
From: smb () research att com (smb () research att com)
Date: Fri, 14 Apr 95 08:33:16 EDT
My take on this is that encryption is NOT the way to go.
This would mean that there exists a key that could decrypt the
entire password file. On this count triple DES is no better
than regular DES. From my understanding the MD5 would work
well. It is non-reversible.
In the current scheme, DES is used as a one-way function; the password
file is non-invertible. See the Morris and Thompson paper.