1996-11-17 - Re: RFC: A UNIX crypt(3) replacement

Header Data

From: The Deviant <deviant@pooh-corner.com>
To: Adam Shostack <adam@homeport.org>
Message Hash: 898156a1a6f8188c858d3b5b822eb7817b6d8641037d554827c0af46c236b8a1
Message ID: <Pine.LNX.3.94.961117172527.2314A-100000@random.sp.org>
Reply To: <199611171432.JAA02213@homeport.org>
UTC Datetime: 1996-11-17 17:28:56 UTC
Raw Date: Sun, 17 Nov 1996 09:28:56 -0800 (PST)

Raw message

From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 17 Nov 1996 09:28:56 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <199611171432.JAA02213@homeport.org>
Message-ID: <Pine.LNX.3.94.961117172527.2314A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Adam Shostack wrote:

> The Deviant wrote:
> | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
> | > 	I'm trying to think of a function to replace UNIX's crypt(3).  
> | > My design criteria are as follows:
> 
> | Why? UNIX passwords with password shadowing are as secure as any password
> | system is going to get.  If your security holes are with passwords, its
> | because your admin is to lazy to install needed security provissions, not
> | because the system of checking passwords is bad.
> 
> 	A longer salt would make running crack against a large
> password file slower.

While thats all well and good, it shouldn't be necisary.  If passwords are
shadowed, one must have root access before one can run crack against the
password list, at which time it is innefective.

> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

Nice sig... I think I'll add it to my list...

 --Deviant
"First things first -- but not necessarily in that order"
                -- The Doctor, "Doctor Who"







Thread