[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC: A UNIX crypt(3) replacement



On Sun, 17 Nov 1996, Adam Shostack wrote:

> The Deviant wrote:
> | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
> | > 	I'm trying to think of a function to replace UNIX's crypt(3).  
> | > My design criteria are as follows:
> 
> | Why? UNIX passwords with password shadowing are as secure as any password
> | system is going to get.  If your security holes are with passwords, its
> | because your admin is to lazy to install needed security provissions, not
> | because the system of checking passwords is bad.
> 
> 	A longer salt would make running crack against a large
> password file slower.

While thats all well and good, it shouldn't be necisary.  If passwords are
shadowed, one must have root access before one can run crack against the
password list, at which time it is innefective.

> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

Nice sig... I think I'll add it to my list...

 --Deviant
"First things first -- but not necessarily in that order"
                -- The Doctor, "Doctor Who"