RE: [uCsimm] tinylogin

From: Stu (doktor1@earthlink.net)
Date: Tue Mar 07 2000 - 15:06:55 EST


> > Perhaps we could implement some kind of alternate crypt()
> function, one that
> > doesn't take so long?
>
> Is this a job for twofish?

No idea.

> > I'm sure some XORs and a little bit of bit rotation
> > between characters in the password would be enough. Not as secure as
> > crypt(), to be sure, but even a crypt()ed password can be brute-force
> > hacked.
>
> Only if the person chooses a poor password. A complete brute force
> attack is out of reach of most people, for at least the next couple
> of years.
>
> > The goal is to have the password in a state where it is not just
> > plaintext.
>
> I'd like to think the goal is a little higher than that.

I don't see why. This is a microcontroller, not a shell account server. Let
the paranoid ones use tinylogin.

This message resent by the ucsimm@uclinux.com list server http://www.uClinux.com/



This archive was generated by hypermail 2b30 : Sun Apr 07 2002 - 00:01:34 EST