Uninvertible passwd encryption (was: Re: Kmem security)
Andy Duplain
duplain at rtf.bt.co.uk
Sat Mar 23 20:25:23 AEST 1991
In article <1991Mar20.061813.17416 at agate.berkeley.edu> c60b-1eq at e260-1c.berkeley.edu (Noam Mendelson) writes:
>If one were to crack passwords they would attempt to encrypt strings
>and compare the result to the /etc/passwd entry (since they know the salt).
Absolutely,
One way of doing this could be using the SunOS l64a() library function,
which can generate base-64 strings from long ints. But since l64a()
can generate a maximum of 6 characters, and since crypt() takes a long
time to run, it would take several months, and you wouldn't get any
passwords longer than 6 chars.
No go!
--
=== Andy Duplain ==============================================================
British Telecommunications PLC, Customer Systems, Brighton, United Kingdom.
#define DISCLAIMER My views and options are not necessarily those of my company
Internet: duplain at rtf.bt.co.uk UUCP: ...!uunet!ukc!axion!bscsq1!duplain
More information about the Comp.unix.admin
mailing list