Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!emory!gatech!bloom-beacon!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.misc
Subject: Re: how are password encryped?
Message-ID: <1990Nov12.005944.22034@athena.mit.edu>
Date: 12 Nov 90 00:59:44 GMT
References: <13507@crdgw1.crd.ge.com> <1990Nov9.095039.20561@newcastle.ac.uk> <11101@ccncsu.ColoState.EDU>
Sender: daemon@athena.mit.edu (Mr Background)
Reply-To: jik@athena.mit.edu (Jonathan I. Kamens)
Distribution: na
Organization: Massachusetts Institute of Technology
Lines: 24

In article <11101@ccncsu.ColoState.EDU>, clarke@ives.cs.colostate.edu (Charles Clarke) writes:
|> For the passwords, the 'key' is easily obtainable. It is the salt
|> (first two letters of the encrypted password for those of you who missed that).
|>
|> The password (unencrypted) is the plain text. The program encrypts your
|> password using the key and a modified DES. It then compares this with
|> what is stored for you in the passwd file.

Methinks you need to get your terminology straightened out, because, simply put, this is wrong.

The word "key" refers to the password, not to the two-letter salt. If you don't believe me, look at the man page for crypt(3), which uses the words "key" and "salt" in this way, not in the way you have claimed above.

Furthermore, in cryptological circles (in which I do not claim to be an expert, but I do know *something* about cryptology), "key" is used to refer to the private information possessed by the user attempting to authenticate himself; in this case, that private information is the password.

--
Jonathan Kamens                 USnail:
MIT Project Athena              11 Ashford Terrace
jik@Athena.MIT.EDU              Allston, MA 02134
Office: 617-253-8085            Home: 617-782-0710