crypt 3 is OK, but setkey and encrypt 3 NOT
Steven Bellovin
smb at ulysses.UUCP
Tue Aug 27 06:11:33 AEST 1985
> OK. The documentation on 4.2 crypt doesn't mention DES. I seem to remember
> reading in some security paper somewhere that crypt used a deliberately
> flawed version of DES so DES chips couldn't be used for a fast exhaustive
> search. Anyone actually have the paper involved (I read it in a manual
> rack on the 5th floor of Evans while waiting for printout), so they can
> confirm or deny this vicious rumor?
The paper is "Password Security: A Case History", by Thompson and Morris.
It's in the 4.2 documentation, and was also published in CACM, November, 1979.
The paper is well worth reading if you're at all interested in password
security.
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list