wa371@sdcc12.UUCP (wa371) (05/22/85)
Question posed to the net: How secure is `crypt`?
Replies:
::::::::::::::::::::
From: Robert W. Baldwin <BALDWIN@MIT-XX.ARPA>
Subject: crypt secutiry
crypt(1) is about as secure as locking something in a filing
cabinet. Anybody who is willing to spend the time studying the details
of crypt can figure out how to break it. It takes 2-4 weeks (part time)
to write the necessary software. A paper that appeared in the October
issue of the Bell Laboritories Technical Journal (1984) by Reed and
Weinberger describes some of the more obvious ways to do it.
The security can be improved a great deal by compressing a file
before encrypting it. I would strongly recommend running compact(1)
and then crypt(1) if you value the privacy of your information.
--Bob Baldwin
:::::::::::::::::::::::
From: Oliver Sharp <dcdwest!ittvax!decvax!yale!sharp@sdcsvax.sdcc12>
Hi -
not very. Read the October, 1984 issue of the Bell Labs Technical Journal
(it might be AT&T Technical Journal; it changed names and I forget which one
this was). There is an article explaining how to break crypt fairly quickly.
Interesting stuff.
-Oliver Sharp
:::::::::::::::::::
From: dcdwest!ittvax!decvax!bellcore!gamma!ulysses!allegra!alice!reeds@sdcsvax
Crypt(1) is not safe against 1) me, 2) friends of mine, or 3) careful readers
of an article by P.J.Weinberger & me in a recent ish of the Bell Labs Technical
Journal, assuming they take the time to turn the algorithms we describe into
a computer program. Plain English text is easy to read if you have a clue
about what its about; C code is even easier.
::::::::::::::::::::
From: ihnp4!seismo!harvard!uwvax!shp@wisc-crys.arpa (Steve Patterson)
If you're referring to something OTHER than the DES algorithm that I
normally associate with crypt, than I haven't the foggiest idea. About
DES, I can say a few words.
First: I'm not a mathemetician. I can't mathematically demonstrate
anything about it, etc. My cryptanalysis is mostly self-taught, and very
limited. However: from a system breaker's point of view (personal
experience and research), crypt IS tough to break. (I don't know of any-
one who's claimed to have broken it, but I do know several people who've
failed). There's an article on it in October's AT&T Journal (if you'd
like the reference, mail me back (shp@wisc-crys.arpa, or the return
Usenet path) and I'll look it up -- I don't have it with me). If memory
serves, Unix uses a 56-bit DES, although the 64-bit version is significantly
more secure. Rumor has it that this is because NSA can break a 56-bit DES
but not a 64. Silly, but who knows?? I believe it.
Hope this helps out.
=shp
::::::::::::::::::
From: ucbvax!phr@ucbernie.Berkeley.ARPA (Paul Rubin)
Unix 'crypt' is secure from random people poking around but a text
file of length more than a few hundred bytes can be decrypted in
at most a few hours by anyone equipped with the right cryptanalysis
program (at least one such program exists). Figuring out from
the source code how to break the encryption (i.e. write the analysis
program) is not trivial, but to crypto experts not very hard.
paul rubin
:::::::::::::::
End of replies.
Bernd <bear-nd> Riechelmann
(Not affiliated with, nor speaking for U.C. San Diego)
UUCP: ...!ucbvax!sdcsvax!sdcc12!wa371, ARPA: sdcsvax!sdcc12!wa371@nosc
*** hooray for USENET ***
PS: If a control-l follows here, I did not put it here but the mail program
seems to be doing it lately. Does anyone know, why?