In a message dated 5/3/99 12:21:42 AM, you wrote:

>Adrian: Okay, I don't understand much of this, but I'm hoping I 
>won't need to.  Just tell me (so I can be certain), using your 
>scripts, there's no way to get the password even if I had a copy of 
>the cgi and went through the scripts to find the formula used.  This 
>sounds like what a one way function should be.

MP0werd: I think I made a minor booboo regarding my explanation. I used a 2 
way function to do the job, a 1 way function would work like this (not sure 
about all the details):

salt+00000000 > encrypt with password > encrypted string

to check:

salt+00000000 > encrypt with password > does string = stored string?
If yes, proceed, if no, don't.

The part I'm unclear about is how *nix keeps the salt the same on both the 
stored password and the unencrypted password. Maybe I was right the first 
time, and *nix uses a two way function, or maybe I got the details of this 
implementation wrong somehow. I'll have to consult my various texts.
