From: Mike Campbell (mcampbel@cs.ucf.edu)
Date: 01/15/93


From: mcampbel@cs.ucf.edu (Mike Campbell)
Subject: Re: Weird group problems under .99.3
Date: Fri, 15 Jan 1993 13:06:50 GMT

pmacdona@sanjuan (Peter MacDonald) writes:

>In article <1993Jan14.181839.6910@alf.uib.no> magnus@ii.uib.no writes:
>>You say that the availability of crypt as source code is a security
>>problem, or rather - that it makes it simpler to break passwords.
>>
>>Do you really think crypt is reversible?
>>
>>If you can do that, you're a rich man.
>>
>>-Magnus

>I have heard that it is possible to reduce the search field
>when trying to crack passwords, if you have the source. I am
>not an expert in security (is anyone?), but I do know that with
>enough processing power you can crack any password, if you
>have the algorithm used, and the encrypted string.

The test of a "secure" crypt (note quotes), or any other security measure,
is the ability, or lack thereof, to crack passwords with the algorithm or
source in hand.

The crypt algorithm, as well as DES etc., is well known. What makes them good
is that they're STILL virtually unbreakable except with huge amounts of
processing power.

Yes, availability of source may make it somewhat easier, but that's almost a
red herring. Making an EXTREMELY difficult problem 'somewhat' easier leaves
it still extremely difficult.