
Re: pwdb breakage

mkj writes:
> big_crypt is less secure than crypt because of duplicated information --
> using two crypt blocks with the same salt cuts the cracking time to
	Not quite. The salt changes from block to block, and is 
     dependent on the previous block of ciphertext. It is more secure
     than plain crypt, since:
     1) it is not reversible (in the same way as crypt isn't)
     2) the keyspace is no longer limited to 8 characters.
     3) the salt is different for each block. 
> the square root (or was it less?  I don't know the math to figure it
> out from scratch...) of what it would take to crack a standard crypt
> password.  Doh!  That's why only people with good math backgrounds
> ought to be designing crypto-based security...
	This is incorrect. The amount of time to crack is longer
     than standard crypt, and depends on the number of blocks used. 
     I can give you the DEC publication number for the manual that
     covers this topic (albeit reasonably superficially) on Monday
     if you are interested.

atp@mssly1.mssl.ucl.ac.uk 		  	  Andy Phillips
atp@mssl.ucl.ac.uk 			Mullard Space Science Laboratory, 
phillips@isass1.solar.isas.ac.jp	 Dept. Space and Climate Physics,
mssly1::atp				    University College London.
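
The block chaining described in the reply above, as an added sketch that is not part of the original message and not the pwdb or DEC code. It assumes 8-character key blocks, a 2-character salt and 11 output characters per block, with each later salt taken from the first two characters of the previous block's ciphertext; toy_crypt is a hypothetical SHA-256 stand-in for crypt(3) that only mimics its output shape and 8-character limit.

```python
import hashlib

ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SEG, SALT, ENC = 8, 2, 11  # assumed layout: key block, salt, ciphertext lengths


def toy_crypt(block: str, salt: str) -> str:
    """Stand-in for crypt(3): NOT DES. Ignores input past 8 chars, like crypt."""
    digest = hashlib.sha256((salt[:SALT] + block[:SEG]).encode()).digest()
    return salt[:SALT] + "".join(ALPHABET[b % 64] for b in digest[:ENC])


def chained_crypt(password: str, salt: str) -> str:
    """Hash each 8-char block; the next salt comes from the previous ciphertext."""
    blocks = [password[i:i + SEG] for i in range(0, len(password), SEG)] or [""]
    out = salt[:SALT]
    for block in blocks:
        enc = toy_crypt(block, salt)[SALT:]  # 11 ciphertext chars for this block
        out += enc
        salt = enc[:SALT]                    # chain: salt for the following block
    return out


def split_hash(stored: str):
    """Split a stored hash into (salt, ciphertext) pairs, one per block."""
    salt, pairs = stored[:SALT], []
    for i in range(SALT, len(stored), ENC):
        enc = stored[i:i + ENC]
        pairs.append((salt, enc))
        salt = enc[:SALT]
    return pairs


if __name__ == "__main__":
    # Constructed sample: the same 8 characters twice, initial salt "ab".
    for salt, enc in split_hash(chained_crypt("hunter42hunter42", "ab")):
        print(salt, enc)
```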
