Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!crabapple.srv.cs.cmu.edu!fs7.ece.cmu.edu!europa.eng.gtefsd.com!howland.reston.ans.net!usc!elroy.jpl.nasa.gov!ames!data.nas.nasa.gov!taligent!tom-vanvleck.taligent.com!user
From: tom_van_vleck@taligent.com (Tom Van Vleck)
Subject: Re: looking for one-way (trap-door, password encryption, etc.) algorithms
Message-ID: <tom_van_vleck-050493130210@tom-vanvleck.taligent.com>
Followup-To: sci.crypt,sci.math
Sender: usenet@taligent.com (More Bytes Than You Can Read)
Organization: -
References: <1993Mar30.192108.22313@husc3.harvard.edu>
Distribution: usa
Date: Mon, 5 Apr 1993 20:18:36 GMT
Lines: 21

Michael Levin wrote:
>      I am looking for references to algorithms which can be used for
> password encryption. I.e., someone has a clear-text word, runs it
> through the algorithm, and it becomes some other sequence of symbols.
> I want this algorithm to have the property that it is a) next to
> impossible to reverse, and b) would take too long to try all possible
> words to see which one works (even by use of a high-speed computer).
> Please send references or ideas to mlevin@husc8.harvard.edu.

The original one-way encryption I put into Multics about 1968 (as suggested

by Joe Weizenbaum) was invertible.  An Air Force tiger team demonstrated 
this to me in May 1973.  I then asked an expert (who requested anonymity) 
what I should use instead; the expert's suggestion was to treat the 
8-byte password as both key and data for the LUCIFER encryption algorithm, 
which is similar or identical to DES.  This method or something stronger 
should take care of (a).  Issue (b) is discussed in comp.security.misc: 
longer passwords and quality control on what users can choose as passwords
are the common tactics.

tom_vanvleck@taligent.com
