Portal de Periódicos da CAPES

A Study of Password Security

1988; Springer Science+Business Media; Linguagem: Inglês

10.1007/3-540-48184-2_34

1611-3349

Michael Luby, Charles Rackoff,

Advanced Malware Detection Techniques

Our work is motivated by the question of whether or not the password scheme used in UNIX is secure. The following password scheme is a somewhat simplified version of the actual password scheme used in UNIX. We feel that this simplified version captures the essential features of the actual password scheme used in UNM. When a user logs in for the first time he creates a random password and types his user name together with the password into the system. The system creates an encryption of the password using the Data Encryp- tion Standard (DES) and stores this (only the encryption, not the password) together with the user name in a password file. Thereafter, whenever the user logs in and types in his user name and password the system computes the encryption of the password and only allows the user to successfully log in if the encryption matches the entry stored with the user name in the password file.