how are password encryped?

Jon Hall J.G.Hall at newcastle.ac.uk
Fri Nov 9 20:50:39 AEST 1990


In article <13507 at crdgw1.crd.ge.com> volpe at camelback.crd.ge.com (Christopher R Volpe) writes:
>In article <1990Nov6.151444.3409 at druid.uucp>, darcy at druid.uucp (D'Arcy
>J.M. Cain) writes:
>|>
>|>Would you trust a password encryption scheme that you could figure out?
>|>See crypt(3C) and crypt(3X) for a short discussion on DES Encryption.
>
>The original poster said he couldn't figure out *how* passwords
>are encrypted, not how to decrypt them.
>
>I wouldn't trust a password encryption scheme that *relied* upon
>an attacker's inability to figure out *how* the encryption is done. 
>You should *always* assume the enemy knows your encryption algorithm.
>Only the key is assumed secret.
>
I beg to differ. The source for a passwd is widely available (including
key), the difficulty (IMHO) is inverting the encryption algorithm to come up
with a sensible password. (note sensible, not original).

Have I picked up this thread correctly?
>
>==================
>Chris Volpe
>G.E. Corporate R&D
>volpecr at crd.ge.com

--jon



ARPA : j.g.hall at newcastle.ac.uk               JANET: j.g.hall at uk.ac.newcastle
UUCP : ...!ukc!newcastle.ac.uk!j.g.hall       PHONE: +44 91 222 7957
SNAIL: Computing Laboratory, University of Newcastle upon Tyne, UK, NE1 7RU



More information about the Comp.unix.misc mailing list