crypt 3 is OK, but setkey and encrypt 3 NOT
Simson Garfinkel
simsong at mit-amt.MIT.EDU
Sun Aug 25 14:01:11 AEST 1985
In article <517 at baylor.UUCP>, peter at baylor.UUCP (Peter da Silva) writes:
> OK. The documentation on 4.2 crypt doesn't mention DES. I seem to remember
> reading in some security paper somewhere that crypt used a deliberately
> flawed version of DES so DES chips couldn't be used for a fast exhaustive
> search. Anyone actually have the paper involved (I read it in a manual
> rack on the 5th floor of Evans while waiting for printout), so they can
> confirm or deny this vicious rumor?
> --
crypt(2) and crypt(1) are different. crypt(2) is an itterated and
defective DEA (software DES) implementation that takes a string key and
a 2 character salt and returns those familar passwd-like encrypted
strings. It is indeed not true DES so that you can't use a DES chip to
braek passwords. This is explained in detail in /usr/doc/password.
crypt(1), the 4.2 crypt program, uses DEA to generate a key sequence. It
then throws away the security of DEA and uses an enigma-like rotor-based
encryption scheme to cipher the rest of the plaintext. (actually, the
system that crypt(1) uses is less secure than enigma.)
DEA may or may not be secure. crypt(2) is definately secure, but it is
one way. crypt(1) is insecure (it can be broken programatically).
Hope this clears things up.
(Of course, If I've made a mistake, I'm sure I'll be told about it).
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list