Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uwm.edu!ogicse!ucsd!hub.ucsb.edu!ucsbuxa!2004ktz
From: 2004ktz@ucsbuxa.ucsb.edu (David G. Koontz)
Newsgroups: comp.unix.admin
Subject: Re: Uninvertible passwd encryption (was: Re: Kmem security)
Message-ID: <10108@hub.ucsb.edu>
Date: 21 Mar 91 02:12:38 GMT
References: <1991Mar19.231715.28594@comp.vuw.ac.nz> <1991Mar20.125811.27150@athena.mit.edu>
Sender: news@hub.ucsb.edu
Lines: 27

In article <1991Mar20.125811.27150@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:

>In article <1991Mar19.231715.28594@comp.vuw.ac.nz>, duncan@comp.vuw.ac.nz (Duncan McEwan) writes:
>|> This response to an earlier posting reminded me of something I have been
>|> curious about.  Exactly why is the Unix password encryption algorithm
>|> uninvertible?  It seems to me that the fact that several passwords can
>|> have the same encrypted form is irrelevent -- the cracker simply has to
>|> find any *one* password results in a given encrypted string and they are
>|> in.

>  Yes, the fact that several passwords can have the same encrypted form is
>mostly irrelevant, since the function I, if it existed, would only have to be
>able to find *one* such form.  The point, however, is that it doesn't exist
>(or, at least, is not known to exist).

If anyone has a sample of two passwords encrypting to the same result
in the same salt, please publish them.

The data value to DES starts as ZEROs, while 56 bits ( 7 bit ascii
times 8 bytes max) of key are generated from the plaintext password.

The DES algorithm is repeated 25 times.  At the 25th iteration the
chances of finding two key values that map the data values following
the 24th iteration into the same result values must be quite remote.

Its guaranteed not to happen in the 1st iteration, because the data
values are the same.