how are password encryped?
Charles Clarke
clarke at ives.cs.colostate.edu
Sun Nov 11 14:03:39 AEST 1990
For the passwords, the 'key' is easily obtainable. It is the salt
(first two letters of the encrypted password for those of you who missed that).
The password (unencrypted) is the plain text. The program encrypts your
password using the key and a modified DES. It then compares this with
what is stored for you in the passwd file.
As was pointed out, you do not care who knows the encryption algorithm
(in this case, you do not care who knows about the key either), the only
thing you need to worry about is someone knowing a decryption algorithm
or having the information of what can produce your encrypted password given
your salt. Note that this may be several strings, not just your password.
Looking at the source for crypt(3) is a way to see what the modified DES
looks like, but expect to get a headache.
Happy hacking!
charles
More information about the Comp.unix.misc
mailing list