RFC: A UNIX crypt(3) replacement
The Deviant
deviant at pooh-corner.com
Sun Nov 17 09:28:56 PST 1996
On Sun, 17 Nov 1996, Adam Shostack wrote:
> The Deviant wrote:
> | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
> | > I'm trying to think of a function to replace UNIX's crypt(3).
> | > My design criteria are as follows:
>
> | Why? UNIX passwords with password shadowing are as secure as any password
> | system is going to get. If your security holes are with passwords, its
> | because your admin is to lazy to install needed security provissions, not
> | because the system of checking passwords is bad.
>
> A longer salt would make running crack against a large
> password file slower.
While thats all well and good, it shouldn't be necisary. If passwords are
shadowed, one must have root access before one can run crack against the
password list, at which time it is innefective.
>
> Adam
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
Nice sig... I think I'll add it to my list...
--Deviant
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor Who"
More information about the cypherpunks-legacy
mailing list