how are passwords encrypted?
Frank Peters
fwp1 at CC.MsState.Edu
Sat Nov 10 03:01:47 AEST 1990
In article <1990Nov9.095039.20561 at newcastle.ac.uk> J.G.Hall at newcastle.ac.uk (Jon Hall) writes:
In article <13507 at crdgw1.crd.ge.com> volpe at camelback.crd.ge.com (Christopher R Volpe) writes:
>In article <1990Nov6.151444.3409 at druid.uucp>, darcy at druid.uucp (D'Arcy
>J.M. Cain) writes:
>|>
>|>Would you trust a password encryption scheme that you could figure out?
>|>See crypt(3C) and crypt(3X) for a short discussion on DES Encryption.
>
>The original poster said he couldn't figure out *how* passwords
>are encrypted, not how to decrypt them.
>
>I wouldn't trust a password encryption scheme that *relied* upon
>an attacker's inability to figure out *how* the encryption is done.
>You should *always* assume the enemy knows your encryption algorithm.
>Only the key is assumed secret.
>
I beg to differ. The source for a passwd is widely available (including
key), the difficulty (IMHO) is inverting the encryption algorithm to come up
with a sensible password. (note sensible, not original).
Have I picked up this thread correctly?

No. The 'key' Christopher was referring to is your plain text
password.

Put another way, the only thing you can reasonably assume that a
cracker doesn't know about your password is the password itself. You
should assume that he/she has the encrypted password and the algorithm
used to generate it.
--
Frank Peters Internet: fwp1 at CC.MsState.Edu Bitnet: FWP1 at MsState
Phone: (601)325-2942 FAX: (601)325-8921
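
The point made in the reply above, as an added example that is not part of the original post: a passwd-style record stores the algorithm, cost and salt in the clear, so the password is the only unknown. PBKDF2-SHA256 from Python's standard library stands in for the DES-based crypt(3) the thread mentions; the record layout, the function names and the weak-password list are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

ITERATIONS = 100_000  # assumed work factor for this example
# Constructed sample list of weak passwords for a defender-side audit.
CONSTRUCTED_WEAK_LIST = ["password", "letmein", "qwerty"]


def make_entry(password: str, salt: Optional[bytes] = None) -> str:
    """Build a passwd-style record. Algorithm, cost and salt are all public."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, entry: str) -> bool:
    """Recompute the digest from the public fields plus a candidate password."""
    _alg, iters, salt_hex, digest_hex = entry.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def is_guessable(entry: str, weak: Iterable[str]) -> bool:
    """Audit check: does the record match any password on a known-weak list?"""
    return any(verify(guess, entry) for guess in weak)


if __name__ == "__main__":
    weak_entry = make_entry("letmein")
    strong_entry = make_entry("correct horse battery staple 1990")
    # Everything printed here is what a reader of the password file sees.
    print(weak_entry)
    print("weak entry guessable:  ", is_guessable(weak_entry, CONSTRUCTED_WEAK_LIST))
    print("strong entry guessable:", is_guessable(strong_entry, CONSTRUCTED_WEAK_LIST))
```

Nothing in `verify` is secret, which is why the audit in `is_guessable` succeeds or fails purely on the quality of the password.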