Re: [LANdb] Proposed login system



> > Probably yes, in this case.  I haven't timed it, but I would suspect md5 to
> > be faster than Crypt, since md5 is allowed to be lossy - the results of
> > Crypt absolutely must be lossless and capable of being decrypted, while md5
> > is able to get away with a non-zero but very small chance that two
> > different strings will return the same hash.
>
>  MD5 should be faster than crypt, since the standard crypt uses a
>  modified DES. I must point out, however, that crypt is merely a
>  hash just like MD5 just "weaker". Anyhow, I suggest using RIPEMD
>  or SHA-1 (as does Ron Rivest btw. ftp://ftp.rsa.com/pub/pdfs/bulletn4.pdf)

Just so no one goes out of their way here... [Strong] Encryption isn't
*that* big a deal here.  The idea is just that we're not sending the username
and password all over the place- we could simply send an extremely (uhm)
"random" number around instead- it doesn't really matter.  Besides that, the
login key doesn't even include the user's password, so sniffing/decrypting it
wouldn't get you anywhere.  The trick would be to sniff the login itself, and
get the username and password in plain text.

John

-------------------------------------
LANdb - The Network Management Database
To unsubscribe, send email to landb-request@avenir.dhs.org
	and put 'unsubscribe' in the subject line
Administrative contact: weez@avenir.dhs.org
-------------------------------------
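
The login key described in the message above (a random number that carries neither the username nor the password), sketched as an added example; this is not code from LANdb or from the thread. The class name, the in-memory table, the 30-minute lifetime and the choice of Python are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed lifetime, not taken from the thread


class LoginKeyStore:
    """Hypothetical server-side table mapping opaque login keys to users."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # sha256(key) -> (username, expiry time)

    @staticmethod
    def _digest(key):
        # Only a digest is stored, so a copy of the table does not
        # contain keys that could be presented back to the server.
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, username):
        """Call only after the username/password check has succeeded."""
        # 256 bits from the OS CSPRNG; nothing here is derived from
        # the username or the password.
        key = secrets.token_urlsafe(32)
        self._sessions[self._digest(key)] = (username, self._clock() + self._ttl)
        return key

    def lookup(self, key):
        """Return the username for a live key, or None if unknown/expired."""
        digest = self._digest(key)
        entry = self._sessions.get(digest)
        if entry is None:
            return None
        username, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[digest]  # drop stale keys on first use
            return None
        return username

    def revoke(self, key):
        """Logout: forget the key so it stops identifying the user."""
        self._sessions.pop(self._digest(key), None)
```

The key stands in for the user until it expires or is revoked, so its lifetime and the transport it travels over matter as much as the login exchange itself.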