how are password encryped?

Jonathan I. Kamens jik at athena.mit.edu
Tue Nov 6 06:53:54 AEST 1990 

In article <1990Nov5.185707.18709 at nntp-server.caltech.edu>, gwoho at nntp-server.caltech.edu (g liu) writes:
|> i cant figure out how passwords are encrypted. it does not even seem
|> very deterministic: i can look in the password file, change my password,
|> change it back, and look again, and it changes. how are they encrypted,
|> and how can it even work if the same password encryptes differently
|> 2 differnt times?

  I suggest you read the man page for "crypt" in section 3 of the manual.

  It addresses the "nondeterminism" you mention.  In particular, the algorithm
used to encrypt passwords take the initial password string and a two-character
"salt" which can have any one of 4096 different possible values.  To quote the
man page, "The salt string is used to perturb the DES algorithm in one of 4096
different ways, after which the password is used as the key to encrypt
repeatedly a constant string."

  When you change your password, the passwd(1) program semi-randomly chooses a
salt to use with the newly encrypted entry in the passwd file.  Therefore, if
you change your password and then change it again to the same thing, the odds
are that the encrypted string will end up different the second time because a
different salt will be chosen.

  The purpose of the salt is to deter dictionary attacks against the passwd
file.  If there were no salt, then any particular word used as a password
would always encrypt in the same way, so an attacker could encrypt all of the
words in a dictionary and store them in a password dictionary, and then do
fast string comparisons of the encrypted strings in his dictionary to the
encrypted strings in the passwd file.

  However, because of the salts, the attacker either has to (a) encrypt all of
the words in his dictionary using each of the 4096 salts, or (b) do the
encryption of the entire dictionary on the fly as he tries to crack each
password, based on the salt for that particular password.

  There was a time when the added protection of the salt made it "effectively
impossible," or at least very improbable, to do a dictionary attack against a
well-chosen password.  However, in this age of mega-fast CPU's and mega-large
disks, it isn't really enough anymore.

  ("Mega-fast" and "mega-large" are, of course, very specific terms with very
technical meanings upon which I won't elaborate here :-).

-- 
Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik at Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-8085			      Home: 617-782-0710

More information about the Comp.unix.misc mailing list