Tuesday, November 16, 2004

Re: Secret Key Cryptography

I didn't understand this. What d'you mean 25 times in a row?

I'll post the entire unix password encryption process a little later. However, in brief - while storing passwds, unix encodes a block of 64 zeroes using the key got from the passwd entered by the user. The cipher text is again encoded using the key. This process is done 25 times. So when someone is attempting to log on, the system compares the final cipher text got from the passwd entered by the user to the cipher text got from the passwd the user entered when the account was created (or the passwd was last changed). If the cipher text matches, he's in.

This method of encrypting 25 times was done to slow down the passwd cracking process (basically the key search) 25 times. However, with the computing power available today I don't think it's of a whole lot of importance. If you go through the link I'd posted on DES, you'll see that it uses certain tables to encrypt stuff. The unix passwd encryption system uses tables different from those specified in the standard DES. This is done so that hardware encryption chips for DES can't be used to crack unix passwds.

Yeah, crypto is an interesting topic. I guess lots of maths is involved. I've read that since a lot of it comes down to factoring large numbers, quantum computers would basically shatter all encryption. So they need to come up with new methods to secure data.

The security of the cryptosystems basically depends on the computational infeasibility in factoring large *prime* numbers. Their feasibility comes from the fact that it's easy to generate large primes. As computing power increases, larger key sizes are being used. Don't know much about the exact speed of quantum computers but to keep the current systems secure they'll have to use obscenely large key sizes or like you said come up with new encryption algorithms.
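
The store-and-compare flow described above for unix passwds, as an added sketch that is not part of the original post: a toy Feistel cipher built on SHA-256 stands in for the modified DES, so the output is not compatible with real crypt(3). The salt parameter, the function names and the hex output format are assumptions made for illustration.

```python
import hashlib
import hmac

ROUNDS = 16       # Feistel rounds per encryption (DES also uses 16)
ITERATIONS = 25   # the 25 chained encryptions described in the post


def _round(half: int, subkey: bytes, salt: bytes) -> int:
    """Toy round function, 32 bits in and 32 bits out. The salt perturbs it,
    standing in for the non-standard tables the post mentions."""
    digest = hashlib.sha256(subkey + salt + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def encrypt_block(block: int, key: bytes, salt: bytes) -> int:
    """Encrypt one 64-bit block with a toy Feistel network (NOT real DES)."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for i in range(ROUNDS):
        subkey = key + bytes([i])
        left, right = right, left ^ _round(right, subkey, salt)
    return (left << 32) | right


def key_from_password(password: str) -> bytes:
    """Traditional crypt kept the low 7 bits of the first 8 characters,
    giving a 56-bit key; anything past 8 characters is ignored."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes(b & 0x7F for b in raw)


def hash_password(password: str, salt: bytes) -> str:
    """Encrypt an all-zero 64-bit block 25 times in a row under the
    password-derived key; each ciphertext is the next plaintext."""
    key = key_from_password(password)
    block = 0
    for _ in range(ITERATIONS):
        block = encrypt_block(block, key, salt)
    return salt.hex() + format(block, "016x")


def verify(password: str, stored: str, salt_len: int = 2) -> bool:
    """Login check: recompute from the typed password and compare with the
    stored value. The password itself is never stored or decrypted."""
    salt = bytes.fromhex(stored[: salt_len * 2])
    return hmac.compare_digest(hash_password(password, salt), stored)
```

Because only the first 8 characters feed the key, two long passwords sharing an 8-character prefix verify against the same stored value, which is one reason this scheme was retired in favour of salted, tunable password hashes.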

