Uninvertible passwd encryption (was: Re: Kmem security)

Miquel van Smoorenburg miquels at maestro.htsa.aha.nl
Thu Mar 21 23:18:28 AEST 1991 

In article <1991Mar19.231715.28594 at comp.vuw.ac.nz> duncan at comp.vuw.ac.nz (Duncan McEwan) writes:
->This has drifted off the topic a little bit, so I've changed the Subject
->(again!) and killed the References:
->
->In article <1991Mar18.153201.23325 at lth.se>
->	magnus at thep.lu.se (Magnus Olsson) writes:
->
->>login does *not* have to decrypt the password from /etc/passwd - indeed,
->>I don't think there's any way it could do that! (The encryption function
->>is not invertible - several different passwords acan have the same
->>encrypted from).
->
->This response to an earlier posting reminded me of something I have been
->curious about.  Exactly why is the Unix password encryption algorithm
->uninvertible?  It seems to me that the fact that several passwords can
->have the same encrypted form is irrelevent -- the cracker simply has to
->find any *one* password results in a given encrypted string and they are
->in.
->
->Is it to do with the fact that Unix encrypts a constant string using the
->password as a key -- so it *is* possible to work back to that constant string,
->but you still know nothing about the password?
->
->Apologies to any cryptologists out there, to whom this must be obvious!
->
->Duncan.

I don't know exactly if this is true, but:
The input to crypt() is ofcourse the salt, and a password of max. 8 bytes.
However, the MSB of every byte is stripped off! So even if you could
reverse crypt(), and the result has a byte > 127 in it, the result
would be useless. So you have to keep track of a lot of bits if you
want to reverse crypt(), right?

+===============================+============================================+
|                               |                                            |
| Miquel van Smoorenburg,       |  It's nice to be important,                |
| miquels at maestro.htsa.aha.nl   |  but it's more important to be nice.       |
|                               |                                            |
+===============================+============================================+
-- 
+===============================+============================================+
|                               |                                            |
| Miquel van Smoorenburg,       |  It's nice to be important,                |
| miquels at maestro.htsa.aha.nl   |  but it's more important to be nice.       |
|                               |                                            |
+===============================+============================================+

More information about the Comp.unix.admin mailing list