Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!apple!agate!e260-1c.berkeley.edu!c60b-1eq
From: c60b-1eq@e260-1c.berkeley.edu (Noam Mendelson)
Newsgroups: comp.unix.admin
Subject: Re: Uninvertible passwd encryption (was: Re: Kmem security)
Message-ID: <1991Mar20.061813.17416@agate.berkeley.edu>
Date: 20 Mar 91 06:18:13 GMT
References: <1991Mar19.231715.28594@comp.vuw.ac.nz>
Sender: usenet@agate.berkeley.edu (USENET Administrator)
Organization: University of California, Berkeley
Lines: 25

In article <1991Mar19.231715.28594@comp.vuw.ac.nz> duncan@comp.vuw.ac.nz (Duncan McEwan) writes:
>Exactly why is the Unix password encryption algorithm
>uninvertible?  It seems to me that the fact that several passwords can
>have the same encrypted form is irrelevant -- the cracker simply has to
>find any *one* password that results in a given encrypted string and they are
>in.
>
>Is it to do with the fact that Unix encrypts a constant string using the
>password as a key -- so it *is* possible to work back to that constant string,
>but you still know nothing about the password?

Yes, UNIX encrypts a constant string repeatedly using the password as the
key.  Another key, known as the salt, is included so as to skew the
encryption process, making it harder to crack.  The salt is a two-character
key which can contain the characters a-z, A-Z, and 0-9, and it is chosen
randomly by UNIX.  If you look at an /etc/passwd entry, the first two
characters of the password field make up the salt, and the remaining
characters make up the password.

I don't see the logic in trying to "work back" to the constant string.
If one were to crack passwords they would attempt to encrypt strings and
compare the result to the /etc/passwd entry (since they know the salt).

===============================================================
Noam Mendelson                       | "I haven't lost my mind,
c60b-1eq@web.Berkeley.EDU            |  it's backed up on tape
University of California at Berkeley |  somewhere."
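An added example, not part of the original post: a small audit that splits the password field of passwd-format entries into the two-character salt and the remainder, as the post describes, and reports accounts whose hash (or empty password) is exposed in the world-readable file so they can be moved to a shadow file. The function names and the sample entries are constructed for illustration.

```python
import re

# Traditional crypt(3) field: 13 characters drawn from ./0-9A-Za-z,
# the first 2 being the salt and the remaining 11 the encrypted result.
DES_FIELD = re.compile(r"([./0-9A-Za-z]{2})([./0-9A-Za-z]{11})")

# Constructed sample entries (not real accounts or real hashes).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:abJnggxhB/yJo:1001:100:Alice:/home/alice:/bin/sh
bob:Zq9vK2mL0pR7s:1002:100:Bob:/home/bob:/bin/sh
carol:$6$constructedsalt$constructedhash:1003:100:Carol:/home/carol:/bin/sh
guest::1004:100:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
"""

def classify_field(field):
    """Return (kind, salt) for the password field of one entry."""
    if field == "":
        return "empty", None          # account needs no password at all
    if field.startswith("$"):
        return "modular", None        # $id$salt$hash style, still exposed here
    m = DES_FIELD.fullmatch(field)
    if m:
        return "des-crypt", m.group(1)
    return "no-hash", None            # placeholder such as "x" or "*"

def audit(passwd_text):
    """List (user, kind, salt) for entries that need attention."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 7:
            findings.append((parts[0], "malformed", None))
            continue
        kind, salt = classify_field(parts[1])
        if kind != "no-hash":
            findings.append((parts[0], kind, salt))
    return findings

if __name__ == "__main__":
    for user, kind, salt in audit(SAMPLE_PASSWD):
        print(f"{user:8} {kind:10} salt={salt}")
```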