Re: [uCsimm] tinylogin

From: Larry Doolittle (
Date: Tue Mar 07 2000 - 13:25:27 EST

> Perhaps we could implement some kind of alternate crypt() function, one that
> doesn't take so long?

Is this a job for twofish?

> I'm sure some XORs and a little bit of bit rotation
> between characters in the password would be enough. Not as secure as
> crypt(), to be sure, but even a crypt()ed password can be brute-force
> hacked.

Only if the person chooses a poor password. A complete brute force
attack is out of reach of most people, for at least the next couple
of years.

> The goal is to have the password in a state where it is not just
> plaintext.

I'd like to think the goal is a little higher than that.

    - Larry
This message resent by the list server

This archive was generated by hypermail 2b30 : Sun Apr 07 2002 - 00:01:34 EST