[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



At 19:09 07/12/99 -0600, vorlon@netexpress.net wrote:
>Well, if you're using crypt passwords, a dedicated assailant can get the
>cleartext passwords easily enough.

I think you're confused between the crypt command (which uses a modified
Enigma algorithm) and libcrypt password encryption (which uses the
password as a DES key to encrypt a block of nulls).

The crypt command is very weak, but libcrypt password encryption is
quite strong.  A dictionary attack is the only effective way to crack
it (given only the password file - there may more sophisticated ways
given other information).  I understand that the MD5 algorithm itself
is now believed to be weaker than was first thought, so I would be
wary of suggesting it is a better solution for password encryption
without some thorough justification.

			- Craig.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []