Improving password security
Richard A. O'Keefe
ok at quintus.uucp
Sun Nov 20 17:51:59 AEST 1988
In article <27987 at tut.cis.ohio-state.edu> jgreely at banjo.cis.ohio-state.edu (J Greely) writes:
>1. break the plaintext: trivial to do, if I can read libc.a on your
> system. Since crypt is a standard library function, the object
> file is open to anyone who wants it. Your secret plaintext is
> secret only so long as no one is allowed to use the crypt function.
>
Not so trivial if the revised crypt() is an RPC call to a "crypt server";
then you would need read access to the crypt server code as well. [This
would be one occasion when the added cost of an RPC call would be welcome!]
A site-configurable plaintext for crypt() sounds nice, but remember what
Feynman found out about safes!
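The crypt-server arrangement discussed above, as an added example that is not part of the original post: the hashing algorithm is public, and only the server process holds the site secret. The HMAC-SHA256/PBKDF2 construction, the in-process class standing in for the RPC service, the default-value check, and all names and values are assumptions of this sketch, not the DES-based crypt() of the thread.

```python
import hashlib
import hmac

# Constructed value standing in for a constant shipped in a world-readable library.
LIBRARY_DEFAULT = b"\x00" * 8


def keyed_crypt(site_secret: bytes, password: str, salt: bytes) -> bytes:
    """Public algorithm: site_secret is the only input a reader of the code lacks."""
    inner = hmac.new(site_secret, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", inner, salt, 100_000)


class CryptServer:
    """Hypothetical stand-in for the RPC crypt server; sole holder of the secret."""

    def __init__(self, site_secret: bytes):
        # Refuse to run with the shipped default or a trivially short secret.
        if site_secret == LIBRARY_DEFAULT or len(site_secret) < 16:
            raise ValueError("site secret is the shipped default or too short")
        self._site_secret = site_secret

    def crypt(self, password: str, salt: bytes) -> bytes:
        return keyed_crypt(self._site_secret, password, salt)

    def verify(self, password: str, salt: bytes, stored: bytes) -> bool:
        # Constant-time comparison of the recomputed hash with the stored one.
        return hmac.compare_digest(self.crypt(password, salt), stored)


def demo() -> dict:
    salt = bytes.fromhex("a1b2c3d4e5f60718")               # constructed salt
    server = CryptServer(b"constructed-site-secret-0123456789")
    stored = server.crypt("correct horse", salt)           # password-file entry
    # What a process with only the library code and the stored entry computes.
    local = keyed_crypt(LIBRARY_DEFAULT, "correct horse", salt)
    return {
        "server_accepts": server.verify("correct horse", salt, stored),
        "server_rejects_wrong": server.verify("wrong guess", salt, stored),
        "library_only_matches": hmac.compare_digest(local, stored),
    }


if __name__ == "__main__":
    print(demo())
```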