[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Using crypt()
At 01:47 PM 4/4/96 -0400, Eric Eden <[email protected]> wrote:
>I'm testing a encryption program that includes use of crypt().
Out of curiousity, why use crypt() instead of, say, MD5, which is
stronger and allows arbitrarily long passphrase input? You could
add a crypt()-like salt to it as well, if that helps.
And just as crypt() lets you distinguish between input and output
based on length and character set, if you use MD5, you know the
output is 128 bits, rendered either as raw bits or 32 hexes
depending on your program environment.
With crypt(), for users who don't remember their passwords, you can
run crack to try and recover them. This doesn't work, of course,
if your stored "encrypted password" is really an unencrypted
non-13-byte string which wouldn't ever be the output of crypt().
MD5, on the other hand, allows enough passphrase space that a brute force
search would take much longer.