how are password encryped?
Jonathan I. Kamens
jik at athena.mit.edu
Mon Nov 12 11:59:44 AEST 1990
In article <11101 at ccncsu.ColoState.EDU>, clarke at ives.cs.colostate.edu (Charles Clarke) writes:
|> For the passwords, the 'key' is easily obtainable. It is the salt
|> (first two letters of the encrypted password for those of you who missed that).
|>
|> The password (unencrypted) is the plain text. The program encrypts your
|> password using the key and a modified DES. It then compares this with
|> what is stored for you in the passwd file.
Methinks you need to get your terminology straightened out, because, simply
put, this is wrong.
The word "key" refers to the password, not to the two-letter salt. If you
don't believe me, look at the man page for crypt(3), which uses the words
"key" and "salt" in this way, not in the way you have claimed above.
Furthermore, in cryptological circles (in which I do not claim to be an
expert, but I do know *something* about cryptology), "key" is used to refer to
the private information possessed by the user attempting to authenticate
himself; in this case, that private information is the password.
--
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik at Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8085 Home: 617-782-0710
More information about the Comp.unix.misc
mailing list