Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!apple!olivea!mintaka!bloom-beacon!eru!hagbard!sunic!mcsun!ukc!newcastle.ac.uk!turing!njgh
From: J.G.Hall@newcastle.ac.uk (Jon Hall)
Newsgroups: comp.unix.misc
Subject: Re: how are password encryped?
Message-ID: <1990Nov9.095039.20561@newcastle.ac.uk>
Date: 9 Nov 90 09:50:39 GMT
References: <1990Nov5.185707.18709@nntp-server.caltech.edu> <1990Nov6.151444.3409@druid.uucp> <13507@crdgw1.crd.ge.com>
Sender: news@newcastle.ac.uk
Organization: Computing Laboratory, U of Newcastle upon Tyne, UK NE1 7RU.
Lines: 33

In article <13507@crdgw1.crd.ge.com> volpe@camelback.crd.ge.com (Christopher R Volpe) writes:
>In article <1990Nov6.151444.3409@druid.uucp>, darcy@druid.uucp (D'Arcy
>J.M. Cain) writes:
>|>
>|>Would you trust a password encryption scheme that you could figure out?
>|>See crypt(3C) and crypt(3X) for a short discussion on DES Encryption.
>
>The original poster said he couldn't figure out *how* passwords
>are encrypted, not how to decrypt them.
>
>I wouldn't trust a password encryption scheme that *relied* upon
>an attacker's inability to figure out *how* the encryption is done.
>You should *always* assume the enemy knows your encryption algorithm.
>Only the key is assumed secret.
>

I beg to differ. The source for a passwd is widely available (including
key), the difficulty (IMHO) is inverting the encryption algorithm to come up
with a sensible password. (note sensible, not original).

Have I picked up this thread correctly?

>
>==================
>Chris Volpe
>G.E. Corporate R&D
>volpecr@crd.ge.com

--jon

ARPA : j.g.hall@newcastle.ac.uk
JANET: j.g.hall@uk.ac.newcastle
UUCP : ...!ukc!newcastle.ac.uk!j.g.hall
PHONE: +44 91 222 7957
SNAIL: Computing Laboratory, University of Newcastle upon Tyne, UK, NE1 7RU
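
Added example, not part of the original post or of any system named in the thread: a Python sketch of the kind of scheme being argued about, in which the algorithm, the salt and the fixed plaintext are all public, the password itself is the key, and a login is checked by running the function forward. HMAC-SHA256 stands in for the salted, 25-times-iterated DES of crypt(3); `toy_crypt`, `new_entry` and `verify` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Everything in this block is public knowledge, as the thread assumes.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
CONSTANT_BLOCK = bytes(8)  # crypt(3) encrypts a fixed all-zero block
ROUNDS = 25                # crypt(3) applies DES 25 times


def toy_crypt(password: str, salt: str) -> str:
    """Stand-in for crypt(3): the password is the key, the plaintext is fixed."""
    key = password.encode()
    block = CONSTANT_BLOCK
    for _ in range(ROUNDS):
        # Assumption: HMAC-SHA256 replaces the salt-perturbed DES round function.
        block = hmac.new(key, salt.encode() + block, hashlib.sha256).digest()
    # The salt is stored in clear in front of the hash, as in a passwd entry.
    return salt + block.hex()[:22]


def new_entry(password: str) -> str:
    """Create a stored entry with a fresh two-character salt."""
    salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(2))
    return toy_crypt(password, salt)


def verify(candidate: str, stored: str) -> bool:
    """Login check: recompute with the stored salt; nothing is ever decrypted."""
    salt = stored[:2]
    return hmac.compare_digest(toy_crypt(candidate, salt), stored)
```

The only secret input is the password; the stored entry can be compared against but gives no way to run the function backwards.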