Who was it that said, "if you turn the sausage grinder backwards - you dont get a pig out."? I always thought this was a very descriptive way to explain the unix encryption routine.
-----Original Message----- From: Kyle Amon <[EMAIL PROTECTED]> To: Debian User List <debian-user@lists.debian.org> Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; Michael Beattie <[EMAIL PROTECTED]>; Joey Hess <[EMAIL PROTECTED]> Date: Wednesday, August 19, 1998 9:47 PM Subject: Re: Linux and Security >-----BEGIN PGP SIGNED MESSAGE----- > >On Wed, 19 Aug 1998, Joey Hess wrote: > >> George Bonser wrote: >> > On Wed, 19 Aug 1998, Michael Beattie wrote: >> > >> > > Okay, true, but it was more of a feasability question, "if you can get the >> > > string, is it possible to use the following method to decrypt it??" >> > >> > Sure ... the login program has to decrypt it, doesn't it? You can >> > cut/paste passwd entries between linux systems ... the encrypted password >> > is not system-specific. >> >> No, it's not reversable. There is no way to get the original password from >> the data in the shadow password file. >> >> Login simply takes the password the user enters, encrypts it using crypt(), >> and compares it with that's in the password file. No decryption is done. > >Actually a one way hash is used, not encryption. This is why it is not >possible to decrypt it -- it quite simply is not encrypted in the first >place. > >- - Kyle > >Kyle Amon email: [EMAIL PROTECTED] >Unix Systems Administrator phone: (203) 486-3290 >Security Specialist pager: 1-800-759-8888 PIN 1616512 >IBM Global Services or [EMAIL PROTECTED] > email: [EMAIL PROTECTED] > url: http://www.gnutec.com/kyle >KeyID 1024/26DD13D9 >Fingerprint = 7D 86 D1 AE 4B E9 91 6A 4B BC B5 B4 12 F0 D3 1A > >"GNU does not eliminate all the world's problems, only some of them." > > - Richard Stallman > The GNU Manifesto, 1985 > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.3ia >Charset: noconv > >iQCVAgUBNdrVzMTIuZsm3RPZAQE0agQAuAbthdwpDnUPMxrS1ioBWy1W78sXcaL0 >Due3wZsa0Z6n/NuutSIf8QAFGxN2RLm1xhd1tLg0W4w/2XgTnkInyNB+eU4M7mGz >3czIfxjcSKm+YGBwzinOtlnm5vCWapqNKTfd4KM9tl3tSN85sPeKdGp0/ntMMrlu >Sq3wUr4hcU0= >=sa00 >-----END PGP SIGNATURE----- > > >-- >Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null >