*BSD News Article 10776



Received: by minnie.vk1xwt.ampr.org with NNTP
	id AA654 ; Sat, 06 Feb 93 16:01:28 EST
Newsgroups: comp.unix.bsd
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!caen!uunet!inmos!fulcrum!bham!warwick!pavo.csi.cam.ac.uk!camcus!pc123
From: pc123@cus.cam.ac.uk (Pete Chown)
Subject: Re: *Big* security leak for users w/o crypt.
In-Reply-To: vax@ccwf.cc.utexas.edu's message of 5 Feb 1993 07:31:51 GMT
Message-ID: <PC123.93Feb5122608@grus.cus.cam.ac.uk>
Sender: news@infodev.cam.ac.uk (USENET news)
Nntp-Posting-Host: grus.cus.cam.ac.uk
Organization: U of Cambridge, England
References: <1kmcqrINN4l@encap.hanse.de> <1kshqiINN3gv@stimpy.css.itd.umich.edu>
	<1kt557INN2mp@geraldo.cc.utexas.edu>
Date: Fri, 5 Feb 1993 12:26:15 GMT
Lines: 23

In article <1kt557INN2mp@geraldo.cc.utexas.edu> vax@ccwf.cc.utexas.edu
(Vax) writes:

   Hmm.  Or you could get a crypt that doesn't use DES, like I think
   Coherent uses a rotor-machine algorithm.  They are fairly secure;
   even though the Enigma was broken during WWII, it should still serve
   against casual intruders.

   Or make something similar.  It shouldn't be too hard.  It's not
   like you will keep out a guru or cryptographer anyway.  Depends on
   how much security you need.

Be careful.  If you invent your own cryptosystem, it will almost
certainly have a weakness; most new systems that are proposed do!

And it may have to face a determined attack.  The old algorithm for
encrypting Unix passwords was broken by Richard Stallman to make a
political point.  He mailed everyone's passwords to them, to try to
encourage them all to use the null string instead...
--
---------------------------------------------+ "A tight hat can be stretched.
Pete Chown, pc123@phx.cam.ac.uk (Internet)   |  First damp the head with steam
            pc123@uk.ac.cam.phx (Janet :-)  -+  from a boiling kettle."
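The exchange above, as an added example that is not part of the original post or of any real crypt implementation: a toy three-rotor "crypt" of the kind the quoted message suggests, placed beside a salted, iterated hash. The rotor wirings, the constant block, and the user passwords are constructed for the demonstration, and the rotor scheme itself is a hypothetical design, not Coherent's. It shows two weaknesses that the reply warns such a homemade scheme would carry: the stored value depends only on the rotor settings the password selects, so the whole space of settings can be enumerated in a fraction of a second, and passwords that share those settings collide.

```python
"""Toy rotor-machine "crypt" next to a modern password hash.

Added example, not part of the original Usenet post.  The rotor wirings,
the constant block and the sample passwords below are constructed for the
demonstration; the rotor scheme is hypothetical, not any real product's.
"""
import hashlib
import hmac
import itertools
import os
import random
import string

ALPHABET = string.ascii_lowercase
N = len(ALPHABET)

# Three fixed rotor wirings, shipped with the "crypt" code.  A seeded
# shuffle stands in for a manufacturer's wiring table (constructed).
_rng = random.Random(1993)
ROTORS = []
for _ in range(3):
    wiring = list(range(N))
    _rng.shuffle(wiring)
    ROTORS.append(wiring)

# Constant plaintext block that the password-derived setting encrypts,
# in the spirit of crypt(3) encrypting a fixed block under the password.
BLOCK = "aaaaaaaa"


def rotor_encrypt(text, positions):
    """Encrypt `text` with three stepping rotors started at `positions`.

    After each letter the first rotor advances; when it wraps, the next
    rotor advances, like an odometer.  Wirings are public, only the
    starting positions act as the key.
    """
    pos = list(positions)
    out = []
    for ch in text:
        c = ALPHABET.index(ch)
        for r, wiring in enumerate(ROTORS):
            c = (wiring[(c + pos[r]) % N] - pos[r]) % N
        out.append(ALPHABET[c])
        for r in range(3):            # odometer stepping
            pos[r] = (pos[r] + 1) % N
            if pos[r] != 0:
                break
    return "".join(out)


def rotor_crypt(password):
    """Hypothetical stored form: the first three letters set the rotors."""
    letters = [ch for ch in password.lower() if ch in ALPHABET][:3]
    letters += ["a"] * (3 - len(letters))
    positions = tuple(ALPHABET.index(ch) for ch in letters)
    return rotor_encrypt(BLOCK, positions)


def recover_setting(stored):
    """Enumerate all 26**3 settings; return the first that reproduces
    `stored` and how many settings were tried.  Because the wirings are
    public, this is all an attacker who reads the password file needs."""
    tried = 0
    for positions in itertools.product(range(N), repeat=3):
        tried += 1
        if rotor_encrypt(BLOCK, positions) == stored:
            return "".join(ALPHABET[p] for p in positions), tried
    return None, tried


def pbkdf2_store(password, iterations=100_000):
    """What a defender stores instead: per-user random salt plus an
    iterated, one-way hash.  Two users with the same password get
    different records, and no cheap enumeration of 'settings' exists."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def pbkdf2_verify(password, record):
    """Recompute under the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    stored = rotor_crypt("secret")
    print("rotor crypt of 'secret':", stored)
    print("collides with 'secure':", stored == rotor_crypt("secure"))
    print("setting recovered, tries:", recover_setting(stored))
    rec = pbkdf2_store("secret")
    print("pbkdf2 verify correct/wrong:",
          pbkdf2_verify("secret", rec), pbkdf2_verify("secure", rec))
```

The rotor scheme is deterministic and keyed only by which of 17576 settings the password picks, so `recover_setting` finds the setting behind any stored value without ever seeing the password; the PBKDF2 record, by contrast, can only be checked by recomputing the full iterated hash for each guess, and the random salt stops one table from serving every user.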