Received: by minnie.vk1xwt.ampr.org with NNTP id AA654 ; Sat, 06 Feb 93 16:01:28 EST
Newsgroups: comp.unix.bsd
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!caen!uunet!inmos!fulcrum!bham!warwick!pavo.csi.cam.ac.uk!camcus!pc123
From: pc123@cus.cam.ac.uk (Pete Chown)
Subject: Re: *Big* security leak for users w/o crypt.
In-Reply-To: vax@ccwf.cc.utexas.edu's message of 5 Feb 1993 07:31:51 GMT
Message-ID: <PC123.93Feb5122608@grus.cus.cam.ac.uk>
Sender: news@infodev.cam.ac.uk (USENET news)
Nntp-Posting-Host: grus.cus.cam.ac.uk
Organization: U of Cambridge, England
References: <1kmcqrINN4l@encap.hanse.de> <1kshqiINN3gv@stimpy.css.itd.umich.edu> <1kt557INN2mp@geraldo.cc.utexas.edu>
Date: Fri, 5 Feb 1993 12:26:15 GMT
Lines: 23

In article <1kt557INN2mp@geraldo.cc.utexas.edu> vax@ccwf.cc.utexas.edu (Vax) writes:

> Hmm. Or you could get a crypt that doesn't use DES, like I think
> Coherent uses a rotor-machine algorithm. They are fairly secure, even
> though the Enigma was broken during WWII it should still serve against
> casual intruders. Or make something similar. It shouldn't be too hard.
> It's not like you will keep out a guru or cryptographer anyway.
> Depends on how much security you need.

Be careful. If you invent your own cryptosystem, it will almost
certainly have a weakness; most new systems that are proposed do! And
it may have to face a determined attack. The old algorithm for
encrypting Unix passwords was broken by Richard Stallman to make a
political point. He mailed everyone's passwords to them, to try to
encourage them all to use the null string instead...

-- 
---------------------------------------------+ "A tight hat can be stretched.
Pete Chown, pc123@phx.cam.ac.uk (Internet)   | First damp the head with steam
            pc123@uk.ac.cam.phx (Janet :-)  -+ from a boiling kettle."