random passwords (was Re: Worm...)

Daniel Ray norstar at tnl.UUCP
Tue Dec 6 07:24:10 AEST 1988


In article <9119 at rpp386.Dallas.TX.US>, jfh at rpp386.Dallas.TX.US (The Beach Bum) writes:
> > and grep the password file why is everyone so sure that a mainframe
> > cannot be used to reverse the encryption routine?
> 
> The former is much simpler than the later.  I can encrypt a dictionary on
> an unused PC running UNIX.  Trying to reverse [ brute-force decrypt is
> more like it ] a password on a PC would take significantly more time than
> you or I have on this earth.
> -- 
> John F. Haugh II                        +-Cat of the Week:--------------_   /|-

Correct me if I'm wrong, but I recall reading one of the old UNIX abstracts
(in the back of "UNIX System Security" by Wood & Kochan, Hayden Books) that
states that the crypt() routine IRREVERSIBLY encrypts a password. As a trivial
example: lets say we encrypt the alphabet..A is mapped to B, B to C, C to D,
etc, except that both Y and Z are  mapped to Z. The encrypted text of the
word "ZOO" would be "ZPP". Easy to do. However, by knowing that the ciphered
text is "ZPP", can one reverse it? No, because both "ZOO" and "YOO" encrypt
to that. I thought crypt() was like this in a much more sophisticated way,
and that there exists the remote but theoretical possibility of password
collision (two different passwords encrypting to the same string using the
same salt).

Is this true, or am I all mixed up :@) !!

norstar
The Northern Lights, Burlington Vermont               |     
tnl dialins: 802-865-3614 at 300-2400 bps.          ` | /   
------------------------------------------        --- * --- 
uucp: uunet!uvm-gen!tnl!norstar or                  / | .   
{decvax,linus}!dartvax!uvm-gen!tnl!norstar            |     



More information about the Comp.unix.wizards mailing list