[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Booting a CD / Special password protection
|
From: |
Daniel Pittman |
|
Subject: |
Re: Booting a CD / Special password protection |
|
Date: |
16 Oct 2000 23:07:03 +1100 |
|
User-agent: |
Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.2 (Notus) |
On Mon, 16 Oct 2000, Jochen Hoenicke
<address@hidden> wrote:
[...]
>> [...]optionally the password should not be stored in the clear but
>> only the hash of the password.
>
> I plan to do this. Yesterday, I have done a space efficient
> implementation of md5_crypt. I also have implemented DES crypt, but
> I'm not sure if it makes sense to add this, too. MD5 crypt is
> smaller, superior and MD5 may be useful for other purposes as well.
>From a security point of view, single DES encryption is /not/ a strong
technique for securing the password. Breaking it is probably about
$50,000 US or so, perhaps less.
So, while this is much stronger than you need to protect against your
brother running the wrong operating system, if it is to secure against a
determined attack, it's not very strong.
MD5 is much stronger and, also, having only a single algorithm makes
user configuration much easier, in my opinion.
[...]
> One problem may be the export restrictions for cryptography. Does
> anyone know if password hashes are also restricted?
To the best of my knowledge they are not illegal anywhere, especially
when implemented with a one way hash function for comparison. However, I
am not a lawyer.
Daniel
--
Most of the luxuries and many of the so-called comforts of life, are not only
not indispensable, but positive hindrances to the elevation of mankind.
-- Henry David Thoreau, _Walden_, "Economy" [1854]