>The one thing that CAN cause problems is that Digital UNIX can use
>nonstandard hash algorithms (bigcrypt(), crypt16() and C1crypt()) as
>well as the normal crypt(). Not only does this make coding slightly
>complicated (as you have to get the correct hash algorithm), but when
>a password is created within an Enhanced Security environment that is
>over eight characters in length, another password round is created
>AFTER the original to contain the rest of the password. This doesn't
>make things impossible, just difficult - Digital kindly provide a set
>of system calls to do most of this for you.

Paul Leyland told me, many years ago, that one or more of the "Enhanced
Security" crypt-replacements are actually less secure than traditional
crypt() in many respects.

Consider the:

    crypt first 8 chars
    crypt remaining 8 chars
    join the two ciphertexts

...mechanism; assuming people choose passwords which are (a) plain
dictionary words and (b) only slightly longer than 8 characters, then:

    plaintext     = wheatsheaf
    first 8 chars = wheatshe
    last 8 chars  = af

...the cracker may brute-force the latter ciphertext with its implicit
small keyspace, and then (eg:) go hunting for words in dictionaries
which are 10 characters long and whose last characters are "af",
thereby possibly reducing the search space for the first 8 characters
*very* significantly.

I attach below a section of an illuminating e-mail of Paul's from 1996;
I do not think he'll mind my publishing it.

I once posted a better algorithm than this (essentially, crypt the
first eight characters "wheatshe", crypt the *last* eight characters
"eatsheaf", remembering to meddle with the salt for the second crypt by
using a function of first plaintext to prevent the pathological
condition where the ciphertext is eight-or-less characters yielding
concatenated repeated ciphertexts...) but it never got adopted, and
anyway, MD5 or SHA1 is a much better bet.

There are other issues with the innards of some of these crypt()
replacements, involving numbers of rounds, etc, but it is a long time
since I visited Ultrix and/or them.

        - alec

ps: ObCynic: no doubt some self-aggrandising security research
pseudogroup can easily whip up a PGP-signed "Security Advisory" to leap
on this bandwagon, bring this to the media, and thereby try to gain
credibility. Don't all jump at once, now, y'hear?

| Here's a test program and its output when compiled and run under Ultrix
| 4.3a. Note the behaviour when the password drops below 8 characters...
|
| Paul
|
| 8<---------------------------------------------------------------------->8
|
| main ()
| {
|   printf ("<%s> <%s> <%s>\n", "printf", "aa", crypt16 ("printf", "aa"));
|   printf ("<%s> <%s> <%s>\n", "printf", "AA", crypt16 ("printf", "AA"));
|   printf ("<%s> <%s> <%s>\n", "printf", "az", crypt16 ("printf", "az"));
|   printf ("<%s> <%s> <%s>\n", "printf", "a0", crypt16 ("printf", "a0"));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQICI82QB4IP", "/.", crypt16 ("LOLOAQICI82QB4IP", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQICI82QB4I", "/.", crypt16 ("LOLOAQICI82QB4I", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQICI82QB4", "/.", crypt16 ("LOLOAQICI82QB4", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQICI82QB", "/.", crypt16 ("LOLOAQICI82QB", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQICI82Q", "/.", crypt16 ("LOLOAQICI82Q", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQICI82", "/.", crypt16 ("LOLOAQICI82", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQICI8", "/.", crypt16 ("LOLOAQICI8", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQICI", "/.", crypt16 ("LOLOAQICI", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQIC", "/.", crypt16 ("LOLOAQIC", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQI", "/.", crypt16 ("LOLOAQI", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOAQ", "/.", crypt16 ("LOLOAQ", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLOA", "/.", crypt16 ("LOLOA", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOLO", "/.", crypt16 ("LOLO", "/."));
|   printf ("<%s> <%s> <%s>\n", "LOL", "/.", crypt16 ("LOL", "/."));
|   printf ("<%s> <%s> <%s>\n", "LO", "/.", crypt16 ("LO", "/."));
|   printf ("<%s> <%s> <%s>\n", "L", "/.", crypt16 ("L", "/."));
| }
|
| 8<---------------------------------------------------------------------->8
| <printf> <aa> <aaCjFz4Sh8Eg2QSqAReePlq6>
| <printf> <AA> <AA/xje2RyeiSU0iBY3PDwjYo>
| <printf> <az> <azbLHnWaqbJeQeZc1OSYe7Pk>
| <printf> <a0> <a0yn3KhrcQbus.ioGbPACugk>
| <LOLOAQICI82QB4IP> </.> </.FcK3mad6JwYt8LVmDqz9Lc>
| <LOLOAQICI82QB4I> </.> </.FcK3mad6JwYq1nJWLBmf3E>
| <LOLOAQICI82QB4> </.> </.FcK3mad6JwYy2Cg/eC.S0Y>
| <LOLOAQICI82QB> </.> </.FcK3mad6JwYGluf6Ixbuu6>
| <LOLOAQICI82Q> </.> </.FcK3mad6JwYZpsNag31O/2>
| <LOLOAQICI82> </.> </.FcK3mad6JwYZ5gmSbpOG4c>
| <LOLOAQICI8> </.> </.FcK3mad6JwY0b/Q.wdrEkg>
| <LOLOAQICI> </.> </.FcK3mad6JwYSaRHJoTPzY2>
| <LOLOAQIC> </.> </.FcK3mad6JwYelhbtlysKy6>
| <LOLOAQI> </.> </.HFDmSJe0gdUelhbtlysKy6>
| <LOLOAQ> </.> </.4xr8tFp2YtkelhbtlysKy6>
| <LOLOA> </.> </.J0OjcwfBdmselhbtlysKy6>
| <LOLO> </.> </.W3kA/gJhfNkelhbtlysKy6>
| <LOL> </.> </./8USI4XZojgelhbtlysKy6>
| <LO> </.> </.IsLxNCl59joelhbtlysKy6>
| <L> </.> </.CIu/PzYCkl6elhbtlysKy6>
| 8<---------------------------------------------------------------------->8
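
Added example, not part of the original post or of Paul's program: a small Python model of the split scheme discussed above, showing why hashing each 8-character chunk independently shrinks the search space and why the constant tail in the output above reveals passwords of 8 characters or fewer. The chunk hash is a truncated SHA-256 stand-in, reusing the same salt for both blocks is an assumption, and the word list is constructed; all function names are hypothetical.

```python
import hashlib
from itertools import product
from string import ascii_lowercase

def chunk_hash(salt: str, chunk: str) -> str:
    # Stand-in for the DES-based crypt() block (assumption): only the
    # "each 8-char chunk is hashed independently" structure matters here.
    return hashlib.sha256((salt + ":" + chunk).encode()).hexdigest()[:11]

def split_hash(password: str, salt: str) -> str:
    # Model of the scheme in the post: salt + hash(first 8) + hash(next 8).
    return salt + chunk_hash(salt, password[:8]) + chunk_hash(salt, password[8:16])

def parts(stored: str):
    # 2-char salt, then two 11-char blocks, as in the 24-char output above.
    return stored[:2], stored[2:13], stored[13:24]

def leaks_short_password(stored: str) -> bool:
    # A second block equal to the hash of the empty string means the
    # password had nothing beyond its first 8 characters.
    salt, _, tail = parts(stored)
    return tail == chunk_hash(salt, "")

def recover_tail(stored: str, max_len: int = 2):
    # The second block can be searched on its own: at most 26 + 26**2 guesses.
    salt, _, tail = parts(stored)
    tried = 0
    for n in range(1, max_len + 1):
        for combo in product(ascii_lowercase, repeat=n):
            tried += 1
            if chunk_hash(salt, "".join(combo)) == tail:
                return "".join(combo), tried
    return None, tried

def candidates(words, tail: str):
    # A known tail fixes both the total length and the suffix of the word.
    return [w for w in words if len(w) == 8 + len(tail) and w.endswith(tail)]

# Constructed word list for the demonstration.
WORDS = ["wheatsheaf", "bookshelf", "waterproof", "strawberry",
         "blacksmith", "lighthouse", "everything", "background"]

def demo():
    stored = split_hash("wheatsheaf", "aa")
    tail, tried = recover_tail(stored)
    short_leak = leaks_short_password(split_hash("wheat", "aa"))
    return tail, tried, candidates(WORDS, tail), short_leak

if __name__ == "__main__":
    print(demo())
```
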
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:38 PDT