Date: Mon, 17 Feb 97 15:41:56 -0600 From: Ben Black <black@gage.com> To: Jim Shankland <jas@flyingfox.COM> Cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Message-ID: <9702172141.AA07110@squid.gage.com> In-Reply-To: <199702172104.NAA14500@saguaro.flyingfox.com> References: <199702172104.NAA14500@saguaro.flyingfox.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>It is, of course, always possible to guess the right password the >very first time, thereby cracking the account in well under a second. or guessing it in the first few million tries, thereby cracking the account in 3 hours. >This will work even on an old 386 box lying around your lab, and >does not require a card with ASICs. All you need is very good luck :-). >Whether this says anything meaningful about the cryptographic >strength of DES is debatable. the cryptographic strength of DES is already debatable. the differential cryptanalysis of DES by shamir was met by certain folks involved in the creation of the lucifer and DES ciphers with the statement that they knew about differential cryptanalysis of DES 20 years ago. i am also of the mind that NSA doesn't allow the export of any encryption it can't break. b3n
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9702172141.AA07110>