> > Perhaps we could implement some kind of alternate crypt()
> function, one that
> > doesn't take so long?
> Is this a job for twofish?
> > I'm sure some XORs and a little bit of bit rotation
> > between characters in the password would be enough. Not as secure as
> > crypt(), to be sure, but even a crypt()ed password can be brute-force
> > hacked.
> Only if the person chooses a poor password. A complete brute force
> attack is out of reach of most people, for at least the next couple
> of years.
> > The goal is to have the password in a state where it is not just
> > plaintext.
> I'd like to think the goal is a little higher than that.
I don't see why. This is a microcontroller, not a shell account server. Let
the paranoid ones use tinylogin.
This message resent by the email@example.com list server http://www.uClinux.com/
This archive was generated by hypermail 2b30 : Sun Apr 07 2002 - 00:01:34 EST