At 05:47 PM 3/10/99 +0000, you wrote: > >Paul Leyland told me, many years ago, that one or more of the >"Enhanced Security" crypt-replacements are actually less secure >than traditional crypt() in many respects. > >Consider the: > > crypt first 8 chars > crypt remaining 8 chars > join the two ciphertexts > >...mechanism; assuming people choose passwords which are (a) plain >dictionary words and (b) only slightly longer than 8 characters, then: > > plaintext = wheatsheaf > first 8 chars = wheatshe > last 8 chars = af > >...the cracker may brute-force the latter ciphertext with its implicit >small keyspace, and then (eg:) go hunting for words in dictionaries >which are 10 characters long and whose last characters are "af", >thereby possibly reducing the search space for the first 8 characters >*very* significantly. I think your specific example here is a little off, since it assumes that a cracker has the encrypted password and a dictionary that contains it. If these two suppositions are true, the fight is already over, and you have lost. Focusing on the case in which the password is a dictionary word obscures the real problem: to compensate for the insecurity of an 8 character password, DEC has replaced it with what appears to be a 16 character password scheme, but is in reality just 2 8 character passwords, doubling instead of squaring the size of the keyspace that must be searched. (and much less than doubling, in the case of the all-too-frequent short second keys which will occur.) Nothing like the illusion of security to keep the managers sleeping soundly at night. The alternate scheme you mention (in the part I cut) of encrypting the first 8 characters and the last 8 seems to me to result in a 16 char keyspace. Clever. -- - keith -- Keith Piepho kapat_private Technical Services (330) 972-6130 The University of Akron
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:50 PDT