List:       secprog
Subject:    Re: Precomputed Dictionary Attacks  (was Re: Preventing
From:       toad <matthew () TOSELAND ! F9 ! CO ! UK>
Date:       2001-04-11 14:34:59

On Tue, Apr 10, 2001 at 03:19:37PM +1000, Peter Jeremy wrote:
> On 2001-Apr-09 11:11:28 -0500, "L. Adrian Griffis" <dt26453@dstsystems.com> wrote:
> >As I recall, the password encryption scheme for Unix that I heard
> >about was based on an analysis of some version of a World War
> >cypher machine.  This was soon replaced by the "encryption"
> >scheme we use now, which, if I remember right, modifies a well
> >known constant with the salt, and then iteratively DES encrypts
> >the constant 25 times using a key derived from the supplied
> >password.
>
> Actually, the salt modifies the encryption algorithm:  The salt
> is XOR'd into the (left XOR right) part of each internal iteration
> within DES.  The constant is always all zeros.
>
> The reason for doctoring DES is to ensure that hardware DES machines
> can't be used to crack Unix passwords.
>
> The freeware Unices (Linux & *BSD) have all expanded the password
> hashing scheme to allow alternative algorithms (eg MD5 and blowfish),
> increased salt sizes (24-bits with DES, 48 bits for MD5 and blowfish)
> and varying numbers of rounds.
128-bits for OpenBSD blowfish, with a variable number of rounds, as pointed out
previously.
>
> Peter

--
The road to Tycho is paved with good intentions
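
Added example, not part of the original message and not taken from any libc: the salt perturbation discussed above, written both as a salt-driven swap of entries in DES's E expansion table and as a masked XOR between the two 24-bit halves of the expanded value, with a check that the two forms agree. The salt bit numbering, the function names and the sample inputs are assumptions made for the illustration.

```python
# Added illustration: the salt as a perturbation of DES's E expansion.
# Salt bit numbering and all names here are assumptions made for the demo.

# Standard DES E expansion table (1-based indices into the 32-bit right half).
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
     8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]

def to_bits(word):
    """32-bit integer -> list of bits, index 0 being DES bit 1 (the MSB)."""
    return [(word >> (31 - i)) & 1 for i in range(32)]

def expand(r_bits, table=E):
    """Apply an expansion table: 32 input bits -> 48 output bits."""
    return [r_bits[i - 1] for i in table]

def salted_table(salt):
    """Table form: each set salt bit s swaps entries s and s+24 of E."""
    table = list(E)
    for s in range(24):
        if (salt >> s) & 1:
            table[s], table[s + 24] = table[s + 24], table[s]
    return table

def salted_xor(r_bits, salt):
    """Masked-XOR form: swap bits between the 24-bit halves where salt is set."""
    x = expand(r_bits)
    left = sum(b << s for s, b in enumerate(x[:24]))
    right = sum(b << s for s, b in enumerate(x[24:]))
    f = (left ^ right) & salt          # bits that differ AND are selected by salt
    left, right = left ^ f, right ^ f  # XOR with f swaps exactly those bits
    return ([(left >> s) & 1 for s in range(24)] +
            [(right >> s) & 1 for s in range(24)])

def forms_agree(word, salt):
    """True when both formulations give the same 48-bit expansion."""
    bits = to_bits(word)
    return expand(bits, salted_table(salt)) == salted_xor(bits, salt)

if __name__ == "__main__":
    sample = 0x80000000  # constructed input: only DES bit 1 set
    for salt in (0, 0x2, 0xABC, 0xFFFFFF):
        changed = salted_xor(to_bits(sample), salt) != expand(to_bits(sample))
        print(f"salt={salt:#08x} agree={forms_agree(sample, salt)} differs={changed}")
```

A zero salt leaves the expansion identical to stock DES; any salt bit that selects a position where the two halves differ produces an expansion that an unmodified DES implementation does not compute.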
