piet@ruuinf (Piet van Oostrum) (01/02/89)
In article <230@ibd.BRL.MIL>, heilpern@ibd (Mark A. Heilpern ) writes: `If the 2-letter key used in encryption were not known, this boosts the 80 hour `upper end to ~37 years. (80 hours * 4096 methods of encryption) In article <1988Dec26.151208.19016@ziebmef.uucp>, mdf@ziebmef (Matthew Francey) writes: `In article <12750@bellcore.bellcore.com>, karn@ka9q.bellcore.com (Phil Karn) writes: ` A 56-bit search space is well beyond the brute-force `> abilities of most crackers (though perhaps not the NSA) **IF** the keys are `> widely and evenly distributed within it. ` ` A possible solution is to have each site pick its own secret encryption `method (for example, start with a non-zero block). Could it remain secret `for a long long time (years... it would be a major pain changing it)? `Probably not, since anyone could disassemble passwd... In article <13022@bellcore.bellcore.com>, karn@ka9q (Phil Karn) writes: ` The point is that to be maximally effective, the UNIX password `algorithm should be given keys with 56 bits of entropy. That is, the `distribution of actual user keys should be uniformly distributed over `all 2^56 possible values. In article <614@rufus.math.nwu.edu>, john@rufus (John Franks Dept. of Math. Northwestern Univ.) writes: ` `Question: Why are we limited to 56 bits? Surely not for effi- `ciency or to save space. This is an instance where we *want* to `be slow. I've heard that NSA lobbied for smallish keys in com- `mercial DES rather than larger ones (the implication being they `wanted a size they could handle easily). Does anybody know if `there is any truth to this? ` Actually, it wouldn't be difficult to get a search space of more than 2^56: First, force the user to use long passwords, from a reasonable set of characters (like a minimum percentage from each of [a-z],[A-Z],[0-9] and [!"$%^&*()_+{}<>?:@]). Now the input to the encryption algorithm consists of: 12 bits 'salt' 56 bits DES-key 64 bits constant to be encrypted. that makes a total of 132 bits. If you take each of the above 3 parts from various bits of the password, then we could accommodate 19 character passwords. -- Piet van Oostrum, Dept of Computer Science, University of Utrecht Padualaan 14, P.O. Box 80.089, 3508 TB Utrecht, The Netherlands Telephone: +31-30-531806 UUCP: ...!mcvax!hp4nl!ruuinf!piet
jfh@rpp386.Dallas.TX.US (The Beach Bum) (01/03/89)
In article <946@ruuinf.UUCP> piet@ruuinf (Piet van Oostrum) writes: [ nice, long description ... ] >Now the input to the encryption algorithm consists of: > 12 bits 'salt' > 56 bits DES-key > 64 bits constant to be encrypted. > >that makes a total of 132 bits. If you take each of the above 3 >parts from various bits of the password, then we could accommodate 19 >character passwords. No - you are still only storing 56 bits of password data. What you are doing is providing a multi-way encryption algorithm, you are not expanding the key space. Since there are only 2^56 possible outputs, and 2^132 inputs, some of them must map onto other encrypted passwords - a multi-way encryption. This reminds me - old VAX/VMS used CRC16 to encrypt their passwords. Which is about as multi-way as it gets ... This would mean, if correct, that only 65,536 different passwords would have to be generated to break the system. The successful cracker pre-encrypts several times this many passwords using the CRC16 instruction to generates a complete dictionary of all possible output values. -- John F. Haugh II +-Quote of the Week:------------------- VoiceNet: (214) 250-3311 Data: -6272 |"Anything on the road which can be InterNet: jfh@rpp386.Dallas.TX.US | hit, will be ..." UucpNet : <backbone>!killer!rpp386!jfh +--------------------------------------
piet@ruuinf (Piet van Oostrum) (01/04/89)
In article <10629@rpp386.Dallas.TX.US>, jfh@rpp386 (The Beach Bum) writes:
`
`No - you are still only storing 56 bits of password data. What you
`are doing is providing a multi-way encryption algorithm, you are not
`expanding the key space.
`
`Since there are only 2^56 possible outputs, and 2^132 inputs, some of
`them must map onto other encrypted passwords - a multi-way encryption.
`
You are right, only it is 2^64 (the key for DES is 56 bits, but the output
is 64 bits), so this still gives an 8 bit improvement, making it 128 times
as hard.
--
Piet van Oostrum, Dept of Computer Science, University of Utrecht
Padualaan 14, P.O. Box 80.089, 3508 TB Utrecht, The Netherlands
Telephone: +31-30-531806 UUCP: ...!mcvax!hp4nl!ruuinf!piet