Newsgroups: sci.crypt
From: hoey@ai.etl.army.mil (Dan Hoey)
Date: 30 Nov 90 20:01:20 GMT
Subject: Re: Password Probabilities

pal...@tallis.enet.dec.com (Colonel Mode) writes:

>To derive all possible n bit binary values from an ascii password string, XOR
>each byte of the string into the least significant byte of the n bit field and
>rotate the field 7 bits to the left before XORing the next byte in.

Actually, you should rotate the field by an amount that is at least 7
(so that all extremely short passwords are distinct) and relatively
prime to n (so that the characters are shifted to every possible
position within the field).  Since n=56, the smallest such number is 9.

But the really good way of mixing characters is is to notice that the
Unix password scheme is losing out by always using 0 as the plaintext
to (iterated) DES.  What you ought to do is to use each character as a
key for encoding *the result from the previous character*.  Or you can
use substrings of eight characters as the key, if you like, but the
important thing is to chain the results together so you don't have the
pathetic 56-bit restriction now endemic to Unix.  Notice that the XOR
method can never take you past 56 bits of key, it just makes some of
the keys easier to type.  Even better is to let the number of DES
iterations increase at each stage, so you can even protect against
increases in processor speed to some extent.

I got the basic form of this idea off the net a couple of years ago
but I forget who came up with it.  I just wish someone would start
using it, rather than just ignoring all characters past the eighth.

Dan Hoey
Hoey@AIC.NRL.Navy.Mil