[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC: A UNIX crypt(3) replacement

To: Adam Shostack <[email protected]>
Subject: Re: RFC: A UNIX crypt(3) replacement
From: The Deviant <[email protected]>
Date: Sun, 17 Nov 1996 17:28:09 +0000 (GMT)
cc: [email protected]
In-Reply-To: <[email protected]>
Organization: The Silicon Pirates
Sender: [email protected]

On Sun, 17 Nov 1996, Adam Shostack wrote:

> The Deviant wrote:
> | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
> | > 	I'm trying to think of a function to replace UNIX's crypt(3).  
> | > My design criteria are as follows:
> 
> | Why? UNIX passwords with password shadowing are as secure as any password
> | system is going to get.  If your security holes are with passwords, its
> | because your admin is to lazy to install needed security provissions, not
> | because the system of checking passwords is bad.
> 
> 	A longer salt would make running crack against a large
> password file slower.

While thats all well and good, it shouldn't be necisary.  If passwords are
shadowed, one must have root access before one can run crack against the
password list, at which time it is innefective.

> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

Nice sig... I think I'll add it to my list...

 --Deviant
"First things first -- but not necessarily in that order"
                -- The Doctor, "Doctor Who"

Follow-Ups:
- Re: RFC: A UNIX crypt(3) replacement
  - From: Adam Shostack <[email protected]>
- Re: RFC: A UNIX crypt(3) replacement
  - From: Dave Kinchlea <[email protected]>

References:
- Re: RFC: A UNIX crypt(3) replacement
  - From: Adam Shostack <[email protected]>

Prev by Date: Re: Crypto Bounties: Another Thought that crossed my mind.
Next by Date: Re: RFC: A UNIX crypt(3) replacement
Prev by thread: Re: RFC: A UNIX crypt(3) replacement
Next by thread: Re: RFC: A UNIX crypt(3) replacement
Index(es):
- Date
- Thread