Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!crdgw1!camelback!volpe
From: volpe@camelback.crd.ge.com (Christopher R Volpe)
Newsgroups: comp.unix.misc
Subject: Re: how are password encryped?
Message-ID: <13507@crdgw1.crd.ge.com>
Date: 8 Nov 90 00:21:08 GMT
References: <1990Nov5.185707.18709@nntp-server.caltech.edu> <1990Nov6.151444.3409@druid.uucp>
Sender: news@crdgw1.crd.ge.com
Reply-To: volpe@camelback.crd.ge.com (Christopher R Volpe)
Lines: 25

In article <1990Nov6.151444.3409@druid.uucp>, darcy@druid.uucp (D'Arcy
J.M. Cain) writes:
|>
|>Would you trust a password encryption scheme that you could figure out?
|>See crypt(3C) and crypt(3X) for a short discussion on DES Encryption.

The original poster said he couldn't figure out *how* passwords
are encrypted, not how to decrypt them.

I wouldn't trust a password encryption scheme that *relied* upon
an attacker's inability to figure out *how* the encryption is done. 
You should *always* assume the enemy knows your encryption algorithm.
Only the key is assumed secret.

|>
|>-- 
|>D'Arcy J.M. Cain (darcy@druid)     |
|>D'Arcy Cain Consulting             |   I support gun control.
|>West Hill, Ontario, Canada         |   Let's start with the government!
|>+ 416 281 6094                     |
                 
==================
Chris Volpe
G.E. Corporate R&D
volpecr@crd.ge.com