More on fP 6.0 features

Bill Vermillion fp at wjv.com
Thu Oct 28 06:09:38 PDT 2004


It was Wed, Oct 27 19:59 when Fairlight said "Mia kusenveturilo estas
plena da angiloj." And continued:

> You'll never BELIEVE what Brian K. White said here...:
> > Fairlight wrote:
> > > BASE64( TO|FROM , INFIELD, OUTFIELD)
> > >
> > > m->
> > 
> > 
> > rather:

> > crypt(encoding,key,direction,source,target)

> > encoding is an ever growing list, initially base64 and crypt
> > at least, maybe rot13(w/ rot5 numbers) just for giggles

> I think you missed my point. I wasn't talking about MD5
> passwords, I was talking about inline MIME encoding for XML,
> email, etc. :)

> However, you have a valid point yourself, and I like the idea.
> I think the initial list should be DES, MD5, Blowfish, and
> possibly Extended DES, since that's what FBSD allows in its
> password system.

AFAIK only DES, MD5 and Blowfish are in the password files
in BSD.   A definition of Extended DES fails to come to mind
at the moment.

The FreeBSD default is MD5.  It doesn't mean that password 
files should not be protected, as if they are you will have
the salt needed to run a dictionary attack.

It does limit the attacks that are based on the original DES
encryption with only 4096 salts.   Those led to many places
offering encrypted dictionaries on line so you could
perform a string match with those against a captured password
file.

However with the number of salts in the default FreeBSD
approaching two trillion [64 to the 8th power] file/text
matching is pretty much out of the question.  While it doesn't mean
that you are secure from truly determined crackers, at least
it eliminates those who don't understand how things work at the
low-level and used password breaking tools even if they had
no clue on just how things were done.

> And, ROT-13 aside, ...

It was good enough for Caesar.

Bill
-- 
Bill Vermillion - bv @ wjv . com
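
An added example, not part of the original post or of filePro: a small
audit that classifies the hash field of master.passwd-style lines by
crypt(3) scheme (traditional DES, extended DES, MD5, Blowfish) and reports
how many entries a precomputed salt-by-word dictionary table would need.
The sample lines, the function names and the `budget` threshold are
assumptions constructed for illustration.

```python
import re

B64 = r"[./0-9A-Za-z]"
# (scheme, pattern for the hash field, number of possible salts)
SCHEMES = [
    ("des",      re.compile(rf"^{B64}{{13}}$"), 64 ** 2),    # 2-char salt
    ("ext-des",  re.compile(rf"^_{B64}{{19}}$"), 64 ** 4),   # 4-char salt
    ("md5",      re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$"), 64 ** 8),
    ("blowfish", re.compile(rf"^\$2[a-z]?\$\d\d\${B64}{{53}}$"), 2 ** 128),
]

# Constructed sample: well-formed field layouts, not real password hashes.
SAMPLE = "\n".join([
    "# constructed master.passwd-style lines",
    "alice:abCdEfGhIjKlM:1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:$1$saltsalt$AbCdEfGhIjKlMnOpQrStUv:1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "carol:_J9..saltAbCdEfGhIjK:1003:1003::0:0:Carol:/home/carol:/bin/sh",
    "dave:$2a$04$" + "A" * 53 + ":1004:1004::0:0:Dave:/home/dave:/bin/sh",
    "daemon:*:1:1::0:0:Owner:/root:/usr/sbin/nologin",
])

def classify(hash_field):
    """Return (scheme, salt_count); ("none", 0) for locked or unknown fields."""
    for name, pattern, salts in SCHEMES:
        if pattern.match(hash_field):
            return name, salts
    return "none", 0

def audit(passwd_text, dict_words, budget=10 ** 12):
    """Per account: scheme, salt count and size of a precomputed
    (salt x word) table. `budget` is an assumed ceiling on table entries
    below which a lookup table counts as practical to build and store."""
    report = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, hash_field = line.split(":")[:2]
        scheme, salts = classify(hash_field)
        entries = salts * dict_words
        report.append({"user": user, "scheme": scheme, "salts": salts,
                       "table_entries": entries,
                       "precomputable": 0 < entries <= budget})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE, dict_words=250_000):
        print(row)
```

Accounts reported as `des` are the ones to migrate to a scheme with a
larger salt space by forcing a password change.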

