Date: Mon, 29 Jul 1996 16:56:30 -0600 (MDT) From: Brandon Gillespie <brandon@tombstone.sunrem.com> To: Poul-Henning Kamp <phk@critter.tfs.com> Cc: Nathan Lawson <nlawson@kdat.csc.calpoly.edu>, freebsd-security@freebsd.org Subject: Re: Crack 4.1 patches for FBSD Message-ID: <Pine.BSF.3.91.960729165132.10431C-100000@tombstone.sunrem.com> In-Reply-To: <1430.838674512@critter.tfs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Move encryption into kernel. That way a system secrect > salt, or maybe even a hardware-contained salt could be used > that would be well protected from everybody. This would > mean that even if you discovered this salt, you would have > to make a dictionary for each of these salts. I like, I _really_ like. > Make a VERY slow crypt with very long output. Something > in the order of 10s of seconds on a P6/200. It is of > course annoying that things take that long, but dictionaries > would be practically impossible. As long as the sleep is optional, and can be enabled/disabled with a simple command (hooked into sysconfig). On some systems I would likely enable it, but on most (like my workstation) I could frankly care less--I feel secure enough in my local net from system to system (i.e. each system is rather isolated), and the huge login times would simply get irritating quickly. > Make a public/private key version. Interesting possibilities.. And on a related topic, is SHA-1 taboo for exporting (like most crypto), or is it more open like MD5?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960729165132.10431C-100000>