How to stop future viruses.

John B. Nagle jbn at glacier.STANFORD.EDU
Thu Nov 10 13:32:44 AEST 1988


In article <16768 at agate.BERKELEY.EDU> greg at math.Berkeley.EDU (Greg) writes:
>In article <2178 at cuuxb.ATT.COM> dlm at cuuxb.UUCP (Dennis L. Mumaugh) writes:
>Firstly, there is no way that a virus would beam all passwords to
>one central computer to be processed there.  

       No reason that can't be done.  Richey did it that way.

>Secondly, your approach will no longer work with the advent of the
>salt, the 12 random bits stored in the clear with the encrypted
>password.  You would have to encrypt the dictionary 4096 times, or be
>content with cracking a much smaller portion of the password file.  It
>would be good to expand the salt to 36 bits, just to make sure that you
>can't preencrypt even a small dictionary.

       It's not clear that the "salt" trick helps all that much.

       Bear in mind that Dennis Mumaugh works for NSA.  He's telling us
that the UNIX password encryption system is fundamentally insecure.  Pay
attention, people. 

					John Nagle
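
The salt arithmetic from the quoted text, as an added example that is not part of the original post: it counts how many entries a precomputed dictionary table needs at 12 and at 36 salt bits, and shows a password audit in which a table built for one salt misses the same weak password stored under another. `toy_hash` is a SHA-256 stand-in assumed here for illustration, not the DES-based crypt(3), and the word list and accounts are constructed.

```python
import hashlib

SALT_BITS_1988 = 12       # salt size quoted in the post
SALT_BITS_PROPOSED = 36   # expansion suggested in the quoted text

def toy_hash(password: str, salt: int) -> str:
    """Stand-in for crypt(3) (assumption): hash of salt || password."""
    return hashlib.sha256(salt.to_bytes(5, "big") + password.encode()).hexdigest()

def table_entries(dictionary_size: int, salt_bits: int) -> int:
    """Entries a precomputed table needs to cover every possible salt."""
    return dictionary_size * (1 << salt_bits)

def build_table(words, salts):
    """Precompute hash -> word, but only for the salts given."""
    return {toy_hash(w, s): w for s in salts for w in words}

def weak_accounts(shadow, table):
    """Audit: accounts whose stored hash appears in the precomputed table."""
    return sorted(user for user, (_salt, h) in shadow.items() if h in table)

# Constructed sample data (not from the post).
WORDS = ["wizard", "secret", "unix"]
SHADOW = {
    "alice": (0, toy_hash("wizard", 0)),        # weak password, salt 0
    "bob": (1234, toy_hash("wizard", 1234)),    # same weak password, other salt
    "carol": (77, toy_hash("x9!kQ-2b", 77)),    # not in the word list
}

if __name__ == "__main__":
    one_salt = build_table(WORDS, [0])
    all_salts = build_table(WORDS, range(1 << SALT_BITS_1988))
    print("table for a single salt finds:", weak_accounts(SHADOW, one_salt))
    print("table for all 12-bit salts finds:", weak_accounts(SHADOW, all_salts))
    print("entries at 12 bits:", table_entries(len(WORDS), SALT_BITS_1988))
    print("entries at 36 bits:", table_entries(len(WORDS), SALT_BITS_PROPOSED))
```
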


