“Foiling the Cracker”: A Survey of, and Improvements to, Password Security

Unix. When Unix was younger, the password encryption algorithm was a simulation of the M-209 cipher machine used by the U.S. Army during World War II [Morris1979]. This was a fair encryption mechanism in that it was difficult to invert under the proper circumstances, but suffered in that it was too fast an algorithm. On a PDP-11/70, each encryption took approximately 1.25 ms, so that it was possible to check roughly 800 passwords/second. Armed with a dictionary of 250,000 words, a cracker could compare their encryptions with those all stored in the password file in a little more than five