paul@hp-lsd.UUCP (Paul D. Bame) (05/16/86)
Seems I recall that the Un*x password transformation (encryption?) software was intentionally somewhat slow to discourage exhaustive password cracking. I don't recall the source of this though.

--Paul Bame
UUCP: {hplabs,ihnp4!hpfcla}!hp-lsd!paul
CSNET: hp-lsd!paul@hp-labs.csnet
ARPA: hp-lsd!paul%hp-labs@csnet-relay.arpa
chris@umcp-cs.UUCP (Chris Torek) (05/18/86)
In article <3600003@hp-lsd.UUCP> paul@hp-lsd.UUCP (Paul D. Bame) writes:
>Seems I recall that the Un*x password transformation (encryption?)
>software was intentionally somewhat slow to discourage exhaustive
>password cracking. I don't recall the source of this though.

I quote from /usr/doc/password:

.TL
Password Security: A Case History
...
.AU "MH 2C-524" 3878
Robert Morris
.AU "MH 2C-523" 2394
Ken Thompson
...
.SH
IMPROVEMENTS TO THE FIRST APPROACH
.NH
Slower Encryption
.PP
Obviously, the first algorithm used was far too fast. The announcement of the DES encryption algorithm [2] by the National Bureau of Standards was timely and fortunate. The DES is, by design, hard to invert, but equally valuable is the fact that it is extremely slow when implemented in software.

The document makes quite a number of points that seem perpetually ignored. In particular, the authors note that

[The results of] experiments to try to determine typical users' habits in the choice of passwords [...] were disappointing, except to the bad guy. In a collection of 3,289 passwords gathered from many users over a long period of time;
.IP
15 were a single ASCII character;
.IP
72 were strings of two ASCII characters;
.IP
464 were strings of three ASCII characters;
.IP
477 were strings of four alphamerics;
.IP
706 were five letters, all upper-case or all lower-case;
.IP
605 were six letters, all lower-case.
.LP
An additional 492 passwords appeared in various available dictionaries, name lists, and the like. A total of 2,831, or 86% of this sample of passwords fell into one of these classes.
.PP
There was, of course, considerable overlap between the dictionary results and the character string searches. The dictionary search alone, which required only five minutes to run, produced about one third of the passwords.

Our own `passwd' program refuses to accept both short passwords and passwords that are found in any of several dictionaries; even so, another cracker program has in the past found quite a few `obvious' passwords, most left from before these measures were instituted. I also recall a complaint from one user who could not understand why `passwd' would not let him use any of several English words, even though it says:

Your new password was found in the dictionary.
Please choose a password not in the dictionary.

These security `features' are indeed annoying at times, but---judging from our own `bad login attempt' logs---quite necessary.

-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 1516)
UUCP: seismo!umcp-cs!chris
CSNet: chris@umcp-cs
ARPA: chris@mimsy.umd.edu
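The weak-password classes the excerpt tallies, together with the dictionary refusal Chris describes in his `passwd', as an added C example that is not from this thread or from the BSD passwd source; the dictionary list is a constructed stand-in, and the enum names and function names are my own.

```c
#include <ctype.h>
#include <string.h>

/* Constructed stand-in for the dictionaries a passwd program consults. */
static const char *const dictionary[] = { "password", "secret", "wombat", "hello" };
/* Weak classes in the order the Morris/Thompson excerpt lists them.
 * The enumeration and the check are my own, not BSD passwd code. */
enum weak_class { PW_OK = 0, PW_ONE_CHAR, PW_TWO_CHARS, PW_THREE_CHARS,
                  PW_FOUR_ALPHAMERIC,  /* four letters or digits          */
                  PW_FIVE_ONE_CASE,    /* five letters, all one case      */
                  PW_SIX_LOWER,        /* six letters, all lower-case     */
                  PW_IN_DICTIONARY };
/* Case-insensitive match, so "Hello" is caught by the entry "hello". */
static int equal_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

static int in_dictionary(const char *pw)
{
    size_t i;
    for (i = 0; i < sizeof dictionary / sizeof dictionary[0]; i++)
        if (equal_nocase(pw, dictionary[i]))
            return 1;
    return 0;
}

/* First class from the excerpt's list the candidate falls into, or PW_OK
 * if none applies (a real passwd would also enforce a minimum length). */
enum weak_class classify_password(const char *pw)
{
    size_t n = strlen(pw), i;
    int alnum = 1, alpha = 1, upper = 0, lower = 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)pw[i];
        alnum = alnum && isalnum(c);  alpha = alpha && isalpha(c);
        upper = upper || isupper(c);  lower = lower || islower(c);
    }
    if (in_dictionary(pw)) return PW_IN_DICTIONARY;
    if (n <= 1) return PW_ONE_CHAR;   /* empty string counted here too */
    if (n == 2) return PW_TWO_CHARS;
    if (n == 3) return PW_THREE_CHARS;
    if (n == 4 && alnum) return PW_FOUR_ALPHAMERIC;
    if (n == 5 && alpha && !(upper && lower)) return PW_FIVE_ONE_CASE;
    if (n == 6 && alpha && !upper) return PW_SIX_LOWER;
    return PW_OK;
}
```

A passwd-style front end would reject anything other than PW_OK and report the class, which is what the "found in the dictionary" message above does for the last case.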