Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!emory!wuarchive!waikato.ac.nz!comp.vuw.ac.nz!duncan
From: duncan@comp.vuw.ac.nz (Duncan McEwan)
Newsgroups: comp.unix.admin
Subject: Uninvertible passwd encryption (was: Re: Kmem security)
Message-ID: <1991Mar19.231715.28594@comp.vuw.ac.nz>
Date: 19 Mar 91 23:17:15 GMT
Sender: news@comp.vuw.ac.nz (News Admin)
Organization: Dept. of Comp. Sci., Victoria Uni. of Wellington, New Zealand.
Lines: 25
Nntp-Posting-Host: offramp.comp.vuw.ac.nz

This has drifted off the topic a little bit, so I've changed the Subject
(again!) and killed the References:

In article <1991Mar18.153201.23325@lth.se> magnus@thep.lu.se (Magnus Olsson) writes:
>login does *not* have to decrypt the password from /etc/passwd - indeed,
>I don't think there's any way it could do that! (The encryption function
>is not invertible - several different passwords can have the same
>encrypted form).

This response to an earlier posting reminded me of something I have been
curious about. Exactly why is the Unix password encryption algorithm
uninvertible?

It seems to me that the fact that several passwords can have the same
encrypted form is irrelevant -- the cracker simply has to find any *one*
password that results in a given encrypted string and they are in.

Is it to do with the fact that Unix encrypts a constant string using the
password as a key -- so it *is* possible to work back to that constant
string, but you still know nothing about the password?

Apologies to any cryptologists out there, to whom this must be obvious!

Duncan.
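
The scheme discussed in this post, as an added example (not part of the original post and not the real crypt(3) code): the password keys a function over a constant block, and login only recomputes and compares. Assumptions: HMAC-SHA256 stands in for the salted DES of traditional crypt(3), the names toy_crypt, login_check and find_any_match are hypothetical, and the account data is constructed.

```python
import hashlib
import hmac
import itertools
import string

CONSTANT_BLOCK = bytes(8)  # traditional crypt(3) encrypts an all-zero 64-bit block
ROUNDS = 25                # ... and applies its DES variant 25 times


def toy_crypt(password: str, salt: str, out_bytes: int = 8) -> str:
    """Password is the key, a constant block is the input (as in crypt(3)).

    Assumption: HMAC-SHA256 stands in for salted DES so only the standard
    library is needed. out_bytes < 8 deliberately weakens the output."""
    block = CONSTANT_BLOCK
    for _ in range(ROUNDS):
        mac = hmac.new(password.encode(), salt.encode() + block, hashlib.sha256)
        block = mac.digest()[:8]
    return salt + block[:out_bytes].hex()


def login_check(typed: str, stored: str) -> bool:
    """Re-run the function with the stored salt and compare; nothing is decrypted."""
    salt, out_bytes = stored[:2], (len(stored) - 2) // 2
    return hmac.compare_digest(toy_crypt(typed, salt, out_bytes), stored)


def find_any_match(stored: str, max_len: int):
    """Forward search: the only generic route is to try inputs and compare."""
    for n in range(1, max_len + 1):
        for letters in itertools.product(string.ascii_lowercase, repeat=n):
            if login_check("".join(letters), stored):
                return "".join(letters)
    return None


# Constructed sample account: salt "ab", password outside the search space above.
PASSWORD = "Wellington-91"
STORED_FULL = toy_crypt(PASSWORD, "ab")                # 64-bit output
STORED_WEAK = toy_crypt(PASSWORD, "ab", out_bytes=1)   # 8-bit output, toy only

if __name__ == "__main__":
    print(login_check(PASSWORD, STORED_FULL))          # correct password accepted
    other = find_any_match(STORED_WEAK, max_len=3)
    print(other, login_check(other, STORED_WEAK))      # a different input also passes
    print(find_any_match(STORED_FULL, max_len=2))      # no match at full width
```

With the output cut to 8 bits a different input passes login_check, which is the "any *one* password" point; at 64 bits the same search finds nothing. Knowing the constant block does not help, because recovering a key from a known input and output is what the cipher is designed to resist.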