Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!ra!Ra.MsState.Edu!fwp1
From: fwp1@CC.MsState.Edu (Frank Peters)
Newsgroups: comp.unix.misc
Subject: Re: how are password encryped?
Message-ID: <FWP1.90Nov9100147@tzu.CC.MsState.Edu>
Date: 9 Nov 90 16:01:47 GMT
References: <1990Nov5.185707.18709@nntp-server.caltech.edu>
	<1990Nov6.151444.3409@druid.uucp> <13507@crdgw1.crd.ge.com>
	<1990Nov9.095039.20561@newcastle.ac.uk>
Sender: usenet@ra.MsState.Edu
Organization: Computing Center, Mississippi State University
Lines: 34
Nntp-Posting-Host: tzu.cc.msstate.edu
In-reply-to: J.G.Hall@newcastle.ac.uk's message of 9 Nov 90 09:50:39 GMT

In article <1990Nov9.095039.20561@newcastle.ac.uk> J.G.Hall@newcastle.ac.uk (Jon Hall) writes:

   In article <13507@crdgw1.crd.ge.com> volpe@camelback.crd.ge.com (Christopher R Volpe) writes:
   >In article <1990Nov6.151444.3409@druid.uucp>, darcy@druid.uucp (D'Arcy
   >J.M. Cain) writes:
   >|>
   >|>Would you trust a password encryption scheme that you could figure out?
   >|>See crypt(3C) and crypt(3X) for a short discussion on DES Encryption.
   >
   >The original poster said he couldn't figure out *how* passwords
   >are encrypted, not how to decrypt them.
   >
   >I wouldn't trust a password encryption scheme that *relied* upon
   >an attacker's inability to figure out *how* the encryption is done. 
   >You should *always* assume the enemy knows your encryption algorithm.
   >Only the key is assumed secret.
   >
   I beg to differ. The source for a passwd is widely available (including
   key), the difficulty (IMHO) is inverting the encryption algorithm to come up
   with a sensible password. (note sensible, not original).

   Have I picked up this thread correctly?

No.  The 'key' Christopher was referring to is your plain text
password.

Put another way, the only thing you can reasonably assume that a
cracker doesn't know about your password is the password itself.  You
should assume that he/she has the encrypted password and the algorithm
used to generate it.
--
--
Frank Peters   Internet:  fwp1@CC.MsState.Edu         Bitnet:  FWP1@MsState
               Phone:     (601)325-2942               FAX:     (601)325-8921