passwd hashing methods Re: unix crypt() vs. AIX crypt()

passwd hashing methods Re: unix crypt() vs. AIX crypt()

Post by Thomas W » Sat, 22 Nov 1997 04:00:00




Quote:

> Are any other Unix vendors considering supporting additional password
> hashing mechanisms?  Is there likely to be any kind of standard in the
> future for non-DES password hashing mechanisms?

Here at Stanford, we're proposing a password hashing algorithm
based on discrete exponentiation.  Not only does it make the
password file harder to brute-force, but it also enables secure
network logins that are completey immune to both sniffers and
active (e.g. man-in-the-middle) attacks.  I've got it up and running
on my RH4.1 Linux box with PAM support.
See <http://srp.stanford.edu/srp/> for details and software.
--


  Phone: (650) 725-6969                       in what you accept from others."
   http://www-cs-students.stanford.edu/~tjw/                Visit my homepage!
 
 
 

passwd hashing methods Re: unix crypt() vs. AIX crypt()

Post by Brad Thompso » Fri, 28 Nov 1997 04:00:00


Quote:> Are any other Unix vendors considering supporting additional password
> hashing mechanisms?  Is there likely to be any kind of standard in the
> future for non-DES password hashing mechanisms?

Both Solaris and RedHat linux have pam, which supports md5 hashing.
The main advantage is that it allows >8 char passwords.
                                                  --Brad
--


 
 
 

1. unix crypt() vs. AIX crypt()


Yeah, this is quite cool. Which scheme is the default?

--
-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                         "mmm... sacrilicious"

2. HOWTO: identify all threads of a process

3. crypt in C++ just like crypt in c library

4. 2.9 "No Valid Screens Found" Message with startx

5. Does Linux support crypt(1) and crypt(3)?

6. 1.3.100, install, Oops'es, VFS hangs. Desperate!

7. Perl(Crypt::DES, Crypt::IDEA)

8. Looking for status indicator like xbiff but not for mail

9. WANTED: Crypt for Delphi or Windows passwd DLL

10. DES passwd crypt support requited for tacacs+ authentication

11. crypt & passwd.c

12. Crypt passwd

13. using Crypt() to check passwd?