Here at Stanford, we're proposing a password hashing algorithmQuote:
> Are any other Unix vendors considering supporting additional password
> hashing mechanisms? Is there likely to be any kind of standard in the
> future for non-DES password hashing mechanisms?
based on discrete exponentiation. Not only does it make the
password file harder to brute-force, but it also enables secure
network logins that are completey immune to both sniffers and
active (e.g. man-in-the-middle) attacks. I've got it up and running
on my RH4.1 Linux box with PAM support.
See <http://srp.stanford.edu/srp/> for details and software.
Phone: (650) 725-6969 in what you accept from others."
http://www-cs-students.stanford.edu/~tjw/ Visit my homepage!