The key search technique is still likely to turn up a few passwords when it is used on a large collection of passwords, and it seemed wise to make this task as difficult as possible. To this end, when a password is first entered, the password program obtains a 12-bit random number (by reading the real-time clock) and appends this to the password typed in by the user. The concatenated string is encrypted and both the 12-bit random quantity (called the ) and the 64-bit result of the encryption are entered into the password file. When the user later logs in to the system, the 12-bit quantity is extracted from the password file and appended to the typed password. The encrypted result is required, as before, to be the same as the remaining 64 bits in the password file. This modification does not increase the task of finding any individual password, starting from scratch, but now the work of testing a given character string against a large collection of encrypted passwords has been multiplied by 4096 (). The reason for this is that there are 4096 encrypted versions of each password and one of them has been picked more or less at random by the system.
With this modification, it is likely that the bad guy can spend days of computer time trying to find a password on a system with hundreds of passwords, and find none at all. More important is the fact that it becomes impractical to prepare an encrypted dictionary in advance. Such an encrypted dictionary could be used to crack new passwords in milliseconds when they appear.
There is a (not inadvertent) side effect of this modification. It becomes nearly impossible to find out whether a person with passwords on two or more systems has used the same password on all of them, unless you already know that.
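The scheme above can be exercised as a password-file audit. This is an added example, not code from the original paper: it counts how many encryptions are needed to test a word list against a file with and without the 12-bit quantity, and shows that a shared password is no longer visible. Assumptions: truncated SHA-256 stands in for the system's encryption, a CSPRNG replaces the real-time clock, and all names and sample accounts are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SALT_BITS = 12  # 4096 possible values of the random quantity, as in the text


def encrypt(password: str, salt: int) -> bytes:
    """Stand-in one-way function (assumption: SHA-256 cut to a 64-bit result)."""
    data = password.encode() + salt.to_bytes(2, "big")  # quantity appended
    return hashlib.sha256(data).digest()[:8]


def enroll(password: str, salt: Optional[int] = None) -> tuple:
    """Return the (random quantity, encrypted result) pair kept in the file."""
    if salt is None:
        salt = secrets.randbelow(1 << SALT_BITS)  # CSPRNG, not the clock
    return salt, encrypt(password, salt)


def verify(typed: str, entry: tuple) -> bool:
    """Login check: re-encrypt the typed password with the stored quantity."""
    salt, stored = entry
    return hmac.compare_digest(encrypt(typed, salt), stored)


def audit(words: list, entries: list) -> tuple:
    """Test each word against each entry, caching one encryption per
    (word, quantity). Returns (weak entries found, encryptions performed)."""
    cache = {}
    weak = set()
    for word in words:
        for i, (salt, stored) in enumerate(entries):
            if (word, salt) not in cache:
                cache[(word, salt)] = encrypt(word, salt)
            if hmac.compare_digest(cache[(word, salt)], stored):
                weak.add(i)
    return len(weak), len(cache)


# Constructed sample data: four accounts, two of them sharing a password.
PASSWORDS = ["wombat", "wombat", "tr0ub4dor", "x9!kQ2pz"]
WORDS = ["secret", "wombat", "password"]
UNSALTED = [enroll(p, salt=0) for p in PASSWORDS]  # one fixed value for all
SALTED = [enroll(p, salt=s) for p, s in zip(PASSWORDS, [17, 2901, 404, 3333])]

if __name__ == "__main__":
    print("unsalted (weak, encryptions):", audit(WORDS, UNSALTED))
    print("salted   (weak, encryptions):", audit(WORDS, SALTED))
    print("shared password visible:", UNSALTED[0][1] == UNSALTED[1][1],
          SALTED[0][1] == SALTED[1][1])
```

With one fixed value, each word costs a single encryption no matter how many accounts exist; with per-account values the cost grows with the number of distinct values in the file, up to 4096.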