[Cryptography] The proper way to hash password files

Dave Horsfall dave at horsfall.org
Sun May 25 17:39:03 EDT 2014


On Thu, 22 May 2014, Phillip Hallam-Baker wrote:

> It occurs to me that most of the time, machines do password files wrong. 
> Rather than using a salted hash, a better approach would be to use a MAC 
> with a randomly chosen key that is never disclosed.

Giggle.  In the really early days of Unix, passwords were stored in the 
clear, in a world-unreadable file, but using a temporary file for 
intermediate processing.  Then, one day, it picked the same file as did a 
text editor, and the emperor suddenly had no clothes...  Major oops.

Thus was born the Enigma scheme with an extra rotor, and then salted DES; 
looks like FreeBSD is using MD5.  I really have to find that article.

I vaguely recall reading somewhere that even MD5 has been broken, and
that we should be using AES, as recommended by the good folks at the CIA.

The trouble with computers is that they keep getting faster...

Double giggle: in my Uni days, word quickly got around that to get the 
system password on the CDC Cyber, you merely had to interrupt a process at 
just the right time.  I was almost caught, when the department head and 
the computer manager walked into the terminal room, discussing this very 
problem.

-- Dave, who will strenuously deny that he wrote the above
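
The scheme in the quoted proposal, sketched as an added example that is not part of the original post or thread: each entry's tag is a MAC under a key kept outside the password file, set beside a conventional salted entry. Using HMAC-SHA256 over a salted PBKDF2 hash, the iteration count, the function names and the sample passwords are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor, kept low so the example runs fast


def _stretch(password, salt):
    """Salted, iterated hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def salted_record(password):
    """Conventional entry: everything needed to test a guess is in the file."""
    salt = os.urandom(16)
    return {"salt": salt, "tag": _stretch(password, salt)}


def mac_record(password, key):
    """Entry per the quoted proposal: the tag is a MAC under a key kept off the file."""
    salt = os.urandom(16)
    tag = hmac.new(key, salt + _stretch(password, salt), hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def check(password, record, key=None):
    """Verify a password; key=None treats the record as a plain salted hash."""
    value = _stretch(password, record["salt"])
    if key is not None:
        value = hmac.new(key, record["salt"] + value, hashlib.sha256).digest()
    return hmac.compare_digest(value, record["tag"])


def file_alone_confirms(record, candidates):
    """Can a reader of the file, holding no key, confirm any candidate password?"""
    return any(check(c, record) for c in candidates)


if __name__ == "__main__":
    key = os.urandom(32)  # assumption: held in an HSM or a root-only key file
    words = ["letmein", "hunter2", "password"]  # constructed sample guesses
    print("salted file alone:", file_alone_confirms(salted_record("hunter2"), words))
    print("MAC'd file alone: ", file_alone_confirms(mac_record("hunter2", key), words))
    print("server with key:  ", check("hunter2", mac_record("hunter2", key), key))
```

The protection lasts only as long as the key stays out of reach of whatever exposes the file; once both leak, the entries are back to being salted hashes.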

