>I've been reading Bruce Schneier's _Applied Cryptography_, and
>about DES in particular. Doesn't the passwd verification in
>UNIX use the 56-bit DES algorithm?
No. The Unix algorithm goes thusly:
* take the 8 character "Unix login password"
* reduce it to 56 bits, call this the "key"
* take the first two characters from the relevant pw_passwd field
* reduce these two characters to a 12 bit number, the "salt"
* use the salt to tweak the "E" expansion of your DES engine
  ie: so we are not using standard DES
* take a block of NULLs, call this the plaintext
* run your modified DES on the plaintext, 25 times, using your
  "key" from the above.
* take the result.
* prepend the salt and munge into ASCII
* match pw_passwd field against the string thus produced.
1) yes, the crypt(3) algorithm is based on DES, but is not DES.
2) even if you could reverse the encryption described above
   you'd only wind up with a block of NULLs (the plaintext)
Bruce, if you're reading this, I don't suppose it could be clarified in
the next edition?
>It seems that 56-bit DES is
>easily breakable via brute force by resources available to NSA
>or anyone else with $1 million.
3) if I can get at your /etc/passwd (/etc/shadow ?) files, I can
very-probably brute-force my way into your machine using resources
available in my back-bedroom, or anyone else with $500.
An Amiga A500 does nicely to run Crack. A Linuxed '486 moreso.
God! The NSA ought to hire me! I could save them billions! 8-)
>I know that a lot of UNIX flavors have secondary
>authentication methods, but I'd rather just use one very solid
Buy a smartcard or install S/Key. Get out of the password game. Now.
Passwords are dead technology. The NSA probably doesn't give a toss
what is on your machine, but if you're at all interested in keeping
*them* out, then give up on passwords entirely.
The views expressed above are the author's *personal* opinions
and are not necessarily shared by his employers or anyone else
... I love the smell of acid flux in the morning...
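
The key, salt and E-expansion steps listed in the post above, as an added Python example that is not part of the original post or of any crypt(3) source. It assumes the traditional Unix conventions (low 7 bits of each of the first 8 characters, salt bit i swapping E-table entries i and i+24); the function names and the sample `pw_passwd` value are made up for illustration, and the DES rounds themselves are outside its scope.

```python
# Added illustration of the key and salt steps of traditional DES-based crypt(3).
# Function names are hypothetical; the DES rounds are not implemented here.
A64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Standard DES E expansion: 48 output positions, each naming an input bit (1..32).
DES_E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
         8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
         16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
         24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]


def password_to_key(password: str) -> bytes:
    """First 8 characters, low 7 bits each, shifted into a DES key byte."""
    raw = password.encode("latin-1")[:8].ljust(8, b"\0")
    return bytes((c & 0x7F) << 1 for c in raw)


def salt_to_int(pw_passwd: str) -> int:
    """First two characters of the stored field, as a 12-bit number."""
    return A64.index(pw_passwd[0]) | (A64.index(pw_passwd[1]) << 6)


def salted_e(salt: int) -> list:
    """Salt bit i set: swap entries i and i+24 of the E table."""
    e = list(DES_E)
    for i in range(12):
        if (salt >> i) & 1:
            e[i], e[i + 24] = e[i + 24], e[i]
    return e


def same_stored_hash(pw_a: str, pw_b: str) -> bool:
    """Equal keys give equal crypt output under any one salt."""
    return password_to_key(pw_a) == password_to_key(pw_b)


if __name__ == "__main__":
    field = "ab0123456789A"  # constructed pw_passwd value, not a real hash
    salt = salt_to_int(field)
    print("salt:", salt, "of", 2 ** 12, "possible")
    print("E table altered by salt:", salted_e(salt) != DES_E)
    print("key:", password_to_key("correcthorse").hex())
    print("truncation collision:", same_stored_hash("correcthorse", "correcthXYZ"))
```

Anything past the eighth character, and the top bit of each character, never reaches the key, so two different passwords can verify against the same stored field.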