root@cca.ucsf.edu (Systems Staff) (06/30/90)
The following is a clarification of the intent of two recent postings, prompted by mail regarding them.

====================================================================

The typical Unix password system uses (the salt and) the password as its key to encrypt a constant and then compares the result to the stored value in /etc/passwd.

What I was suggesting in my recent postings to sci.crypt and comp.os.minix is that the constant being encrypted be specific to each system (or group of systems under common administration) and kept confidential. Thus, stealing a password file would not allow you to take it to another system to attempt password space searches. Actually, you wouldn't even be able to do this on the same system except by going through the system routines, and that would be readily detectable.

Changeover between the present and strengthened systems is trivial; you supply two (not necessarily different) constants -- success means matching the result from either one. This also gives you the mechanism for enforcing required entry of new passwords; always use the preferred value for assigning passwords.

I wasn't talking about messing with the S-Boxes. They represent a black art, and one might very well diminish their effectiveness unless he _really_ knows what he's doing.

Snefru and MD4 are intended to produce a hard-to-invert code for use as a message verification code. It had been proposed that an algorithm of this type be used to avoid the problems of export restrictions on cryptological systems. What I was suggesting was that in this case the "message" being fed to one of these for a password application include at least three elements:

1. The password itself

2. The salt, if one is desired (in this case, including the actual login name serves to conceal use of the same password by more than one user of the system as well as diminishing the utility of precomputed tables)

3. A string assigned by the system administrator which is kept confidential (this requires a protected OS for full value)

The latter element is the equivalent of the site-dependent value replacing the constant in the typical Unix method.

Thos Sumner
Internet: thos@cca.ucsf.edu (The I.G.)
UUCP: ...ucbvax!ucsfcgl!cca.ucsf!thos
BITNET: thos@ucsfcca
U.S. Mail: Thos Sumner, Computer Center, Rm U-76, UCSF
           San Francisco, CA 94143-0704 USA

I hear nothing in life is certain but death and taxes -- and they're working on death.

#include <disclaimer.std>
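The scheme described in the post, as an added worked example that is not part of the original posting: the stored code is computed over the three elements (password, a salt that includes the login name, and a confidential site string), new passwords are always assigned under the preferred site string, and verification accepts a match under either of two configured site strings while flagging records still tied to the retired one so the user can be made to choose a new password. HMAC-SHA-256 is a stand-in chosen here for the hard-to-invert function; the post names Snefru and MD4, which are not used. The site strings, login names, passwords and helper names are all constructed for the example.

```python
"""Site-keyed password codes with a two-constant changeover (added example)."""
import hashlib
import hmac
import secrets
from typing import Sequence, Tuple

# Constructed site-secret strings. In a real deployment they would live in a
# file readable only by the password-checking routines, which is the
# "protected OS" caveat in the post: the scheme adds nothing if an attacker
# who steals the password file can also read these.
PREFERRED_SITE_STRING = b"site-1990-07-strengthened"  # used to assign new passwords
RETIRED_SITE_STRING = b"site-original-constant"       # still honoured during changeover
SITE_STRINGS: Sequence[bytes] = (PREFERRED_SITE_STRING, RETIRED_SITE_STRING)


def _encode(*parts: bytes) -> bytes:
    """Length-prefix each field so login, salt and password cannot be re-split
    into a different (login, salt, password) triple that hashes identically."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def password_code(password: str, login: str, salt: bytes, site_string: bytes) -> bytes:
    """Elements 1 and 2 of the post (password; salt including the login name)
    form the message, element 3 (the confidential site string) is the HMAC key.
    Including the login name means two users sharing a password get different
    codes, and a table precomputed for one site or user is useless for another."""
    message = _encode(login.encode(), salt, password.encode())
    return hmac.new(site_string, message, hashlib.sha256).digest()


def assign_password(login: str, password: str) -> Tuple[bytes, bytes]:
    """Assign a password. Always uses the preferred site string, as the post
    advises, so every newly set password is already on the strengthened scheme.
    Returns (salt, code) as they would be stored in the password file."""
    salt = secrets.token_bytes(8)
    return salt, password_code(password, login, salt, SITE_STRINGS[0])


def verify(login: str, password: str, salt: bytes, stored: bytes) -> Tuple[bool, bool]:
    """Return (accepted, needs_new_password).

    A match under any configured site string is accepted (the changeover rule).
    A match under a non-preferred string means the record was made before the
    changeover; the caller should force entry of a new password, which
    assign_password() will then bind to the preferred string."""
    for index, site_string in enumerate(SITE_STRINGS):
        candidate = password_code(password, login, salt, site_string)
        if hmac.compare_digest(candidate, stored):
            return True, index != 0
    return False, False


if __name__ == "__main__":
    # Constructed sample: alice's record predates the changeover, bob's does not.
    old_salt = b"\x01" * 8
    alice_code = password_code("hunter2", "alice", old_salt, RETIRED_SITE_STRING)
    bob_salt, bob_code = assign_password("bob", "hunter2")

    print("alice (old constant):", verify("alice", "hunter2", old_salt, alice_code))
    print("bob   (new constant):", verify("bob", "hunter2", bob_salt, bob_code))
    print("bob, wrong password: ", verify("bob", "Hunter2", bob_salt, bob_code))
    # Same password, same salt bytes, different login names -> different codes.
    print("alice == bob code?   ",
          password_code("hunter2", "alice", old_salt, PREFERRED_SITE_STRING)
          == password_code("hunter2", "bob", old_salt, PREFERRED_SITE_STRING))
```

The point the post makes about offline searching follows directly: `password_code` cannot be evaluated without the site string, so a stolen file of `(salt, code)` pairs gives an attacker nothing to search against off the system, and on the system every guess has to go through `verify`, where it can be logged and rate-limited.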