Hacking and "Amateurism"
Jason "dedos" Austin
jason at cs.odu.edu
Thu Apr 11 13:55:30 AEST 1991
In article <1916 at hpwala.wal.hp.com> lupienj at hpwadac.hp.com (John Lupien) writes:
-> In article <1991Mar27.094325.24599 at en.ecn.purdue.edu> kidder at en.ecn.purdue.edu (Mark Stephen Kidder) writes:
-> >PS I learned earlier from another that UNIX does not use a DES
-> > encryption method for the password; however, a one-way method
-> > is used making decoding a password impossible.
-> ^^^^^^^^^^^
-> To borrow a phrase from one of those "Airplane" movies, "You use that
-> word a lot. I don't think it means what you think it means."
I believe that was from The Princess Bride.
->
-> When someone says that something is "impossible", the first thing that
-> comes to my mind is "how long has it been impossible, and how long will
-> it stay that way?". Certainly I don't know how to decode an encrypted
-> UNIX password, but I think it is somewhat foolhardy to assume that nobody
-> does. There are some very clever people around, and some of them have some
-> very fast and capable hardware.
->
->
-> ---
-> John R. Lupien
-> lupienj at hpwarq.hp.com
It's not too hard to show that it is possible to decode a
password. Every time the same salt and the same password is run
through the crypt function, the same code comes out. (It would have to
or the thing wouldn't work at all) At the worst case, an exhaustive
table from coded to decoded passwords woul; give right answers. Even
if the relation is not 1-1 and each code has more than one possible
decoding, any of the valid decodings would let you log in. Of course,
this would be quite a large table to calculate considering all the
permutations.
--
Jason C. Austin
jason at cs.odu.edu
More information about the Comp.unix.wizards
mailing list