Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!henry
From: henry@utzoo.UUCP (Henry Spencer)
Newsgroups: net.crypt,net.unix-wizards
Subject: Re: crypt(1) -- how secure, how breakable? (addenda and errata)
Message-ID: <4466@utzoo.UUCP>
Date: Mon, 15-Oct-84 15:17:06 EDT
Article-I.D.: utzoo.4466
Posted: Mon Oct 15 15:17:06 1984
Date-Received: Mon, 15-Oct-84 15:17:06 EDT
References: <4342@utzoo.UUCP>, <4393@utzoo.UUCP>
Organization: U of Toronto Zoology
Lines: 47

Several people have written with additions and corrections to my original posting about crypt(1). The big one is that Jim Reeds, who wasn't mentioned in my article at all, was the Bell Labs man who broke crypt. Bob Morris Sr. and Peter Weinberger were involved, but in lesser ways. Oops. My info did come from within Bell Labs; I guess my informant simply had it wrong. My apologies to Jim, who was one of the folks who wrote to me and whose comments I draw on heavily in the following.

The Bell folks do not think that they can break all possible improved forms of crypt, although they have broken one or two.

Morris's Cryptologia paper describing how to break the M-209 required known plaintext, and the M-209 definitely is not the "most modern" Hagelin machine. Furthermore, V7 crypt(1) is not a Hagelin algorithm at all, so it's irrelevant. [Blush. I'm not a serious cryptology fan myself, but I should have remembered *that*!]

Aegean Park Press is no longer the publisher of Cryptologia, although it used to be.

The Barker book does not work up to full rotor machines; it works up to a full Hagelin M-209. As mentioned above, there is no relation.

Jim Reeds is doubtful about the suggestion of a multi-rotor machine being breakable in a few hours; he thinks he can make a small multi-rotor machine that is nearly unbreakable. This disagreement probably cannot be resolved in a public forum, since my source for the original comment probably isn't allowed to elaborate.

Reeds also points out that the chances of your security being breached by cryptanalysis are much lower than the chances of penetration via superuser access (legitimate or as a result of a security breach). The knowledge and skills needed for the latter approach are much more widely available.

There is general agreement about my overall summation: crypt(1) is probably adequate protection against snoopers, unless you have snoopers who are sophisticated cryptanalysts or have access to sophisticated cryptanalytic software. Bear in mind my earlier comments: short files, each encrypted with a different key, will make the breaker's job harder. The desirability of long keys is less clear; crypt(1) does chop the keys at 8 characters, and Jim Reeds says that key length is not really very significant, but note that very short keys are subject to breaking by exhaustive search.
-- 
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,linus,decvax}!utzoo!henry