In a message dated 5/3/99 1:00:30 AM, you wrote:
>Adrian: This system makes sense to me. All I need is a one-way
>formula. I will ring my Dad tonight and talk to him (he's a Math's
>teacher and I recall talking to him about one-way formulas once
>before.) I will also search the net for a DES external tonight.
My trusty Hackintosh Bible has all the info:
Hackintosh Bible: Contrary to popular belief, Unix passwords cannot be
decrypted. Unix passwords are encrypted with a one way function. The login
program encrypts the text you enter at the "password:" prompt and compares
that encrypted string against the encrypted form of your password.
Hackintosh Bible: Now take a look at the PASSWORD in this entry:
8d34jSjs73hsb. This is, in fact, NOT the password. It is, instead, the
encrypted equivalent TO the password. As part of the UNIX Account
Registration process, when a User designates a password, the UNIX takes the
password, and (*this is important*) uses the other information from the
account to generate an encrypted equivalent to the actual password. Why?
Because as part of the UNIX operating system, users MUST have access to the
'passwd' file to be able to login. But if anyone who has an account can
access the 'passwd' file, they can also see what everyone else's Password is.
So, UNIX's security against this is to encrypt the password entry for each
users account so that noone else will know what anyone elses password is.
