[net.unix-wizards] Security and like passwords

MikeO'Dell@BRL-VGR.ARPA,mo@lbl-csam (07/01/83)

In V7 and later, the "salt" was added to the encryption scheme to
largely suppress the ability to discover like passwords by
comparing the password file entry.  Now, even if I change my
password to the same one, there is one chance in 4096 of the
password file line being identical to the old.  The "salt" is chosen
from the low-order bits of the system's notion of Time, exactly
for this reason.  The other thing the salt does is modify the
encryption algorithm such that the resulting algorithm LOOKS
like DES, but the internal permutation passes are subtly altered
so that in fact, none, or at most one, of the 4096 values of the
salt result in REAL DES algorithm.  This is to prevent attacks by
someone with a dictionary and a very fast DES chip.

All of this is out of the famous password security study by Thompson
and Morris.  

	-Mike
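As an added illustration of the salt mechanism described above (example code written for this page, not code from the post or from the V7 sources): it models the two-character salt encoding, the swap of E-table entries that the salt bits drive in V7 crypt(3), and then enumerates all 4096 salts to settle the "none, or at most one" question. The standard DES E table is assumed, and salt_from_time only models the post's statement that the salt comes from the low-order bits of the time.

```python
# Standard DES expansion (E-box) table: 32 input bits -> 48 output bits.
DES_E = [
    32, 1, 2, 3, 4, 5,  4, 5, 6, 7, 8, 9,
    8, 9, 10, 11, 12, 13,  12, 13, 14, 15, 16, 17,
    16, 17, 18, 19, 20, 21,  20, 21, 22, 23, 24, 25,
    24, 25, 26, 27, 28, 29,  28, 29, 30, 31, 32, 1,
]

# Alphabet used for the two salt characters stored in the passwd entry:
# '.' and '/' are 0 and 1, then digits, upper case, lower case (64 values).
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def encode_salt(bits12: int) -> str:
    """Pack 12 salt bits into two characters, six bits per character."""
    return SALT_CHARS[bits12 & 0x3F] + SALT_CHARS[(bits12 >> 6) & 0x3F]


def decode_salt(salt: str) -> int:
    """Inverse of encode_salt: recover the 12 salt bits from the two characters."""
    return SALT_CHARS.index(salt[0]) | (SALT_CHARS.index(salt[1]) << 6)


def salt_from_time(seconds: int) -> str:
    """Model (an assumption, following the post) of the salt choice:
    the low-order 12 bits of the clock value."""
    return encode_salt(seconds & 0xFFF)


def salted_e_table(salt: str) -> list:
    """V7 crypt(3) perturbation: salt bit k (k = 0..11) swaps E-table
    entries k and k+24, so the expansion step no longer matches real DES."""
    e = list(DES_E)
    bits = decode_salt(salt)
    for k in range(12):
        if (bits >> k) & 1:
            e[k], e[k + 24] = e[k + 24], e[k]
    return e


def salts_yielding_real_des() -> list:
    """Enumerate all 4096 salts; return those that leave the E table unchanged.
    E[k] and E[k+24] always differ, so only the all-zero salt ".." survives."""
    return [encode_salt(b) for b in range(4096)
            if salted_e_table(encode_salt(b)) == DES_E]
```

Running salts_yielding_real_des() shows that exactly one salt value (the two-character salt "..") leaves the algorithm as genuine DES; every other salt alters the expansion, which is what makes a stock DES chip useless for the dictionary attack the post mentions.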