Uninvertible passwd encryption (was: Re: Kmem security)
Miquel van Smoorenburg
miquels at maestro.htsa.aha.nl
Thu Mar 21 23:18:28 AEST 1991
In article <1991Mar19.231715.28594 at comp.vuw.ac.nz> duncan at comp.vuw.ac.nz (Duncan McEwan) writes:
->This has drifted off the topic a little bit, so I've changed the Subject
->(again!) and killed the References:
->
->In article <1991Mar18.153201.23325 at lth.se>
-> magnus at thep.lu.se (Magnus Olsson) writes:
->
->>login does *not* have to decrypt the password from /etc/passwd - indeed,
->>I don't think there's any way it could do that! (The encryption function
->>is not invertible - several different passwords acan have the same
->>encrypted from).
->
->This response to an earlier posting reminded me of something I have been
->curious about. Exactly why is the Unix password encryption algorithm
->uninvertible? It seems to me that the fact that several passwords can
->have the same encrypted form is irrelevent -- the cracker simply has to
->find any *one* password results in a given encrypted string and they are
->in.
->
->Is it to do with the fact that Unix encrypts a constant string using the
->password as a key -- so it *is* possible to work back to that constant string,
->but you still know nothing about the password?
->
->Apologies to any cryptologists out there, to whom this must be obvious!
->
->Duncan.
I don't know exactly if this is true, but:
The input to crypt() is ofcourse the salt, and a password of max. 8 bytes.
However, the MSB of every byte is stripped off! So even if you could
reverse crypt(), and the result has a byte > 127 in it, the result
would be useless. So you have to keep track of a lot of bits if you
want to reverse crypt(), right?
+===============================+============================================+
| | |
| Miquel van Smoorenburg, | It's nice to be important, |
| miquels at maestro.htsa.aha.nl | but it's more important to be nice. |
| | |
+===============================+============================================+
--
+===============================+============================================+
| | |
| Miquel van Smoorenburg, | It's nice to be important, |
| miquels at maestro.htsa.aha.nl | but it's more important to be nice. |
| | |
+===============================+============================================+
More information about the Comp.unix.admin
mailing list