Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!sdd.hp.com!think.com!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!mcsun!hp4nl!htsa!maestro!miquels
From: miquels@maestro.htsa.aha.nl (Miquel van Smoorenburg)
Newsgroups: comp.unix.admin
Subject: Re: Uninvertible passwd encryption (was: Re: Kmem security)
Message-ID: <2798@maestro.htsa.aha.nl>
Date: 21 Mar 91 13:18:28 GMT
References: <1991Mar19.231715.28594@comp.vuw.ac.nz>
Sender: bin@htsa.htsa.aha.nl
Organization: AHA-TMF, Polytechnical Institute, Amsterdam, The Netherlands
Lines: 47

In article <1991Mar19.231715.28594@comp.vuw.ac.nz> duncan@comp.vuw.ac.nz (Duncan McEwan) writes:
->This has drifted off the topic a little bit, so I've changed the Subject
->(again!) and killed the References:
->
->In article <1991Mar18.153201.23325@lth.se>
->	magnus@thep.lu.se (Magnus Olsson) writes:
->
->>login does *not* have to decrypt the password from /etc/passwd - indeed,
->>I don't think there's any way it could do that! (The encryption function
->>is not invertible - several different passwords can have the same
->>encrypted form).
->
->This response to an earlier posting reminded me of something I have been
->curious about. Exactly why is the Unix password encryption algorithm
->uninvertible? It seems to me that the fact that several passwords can
->have the same encrypted form is irrelevant -- the cracker simply has to
->find any *one* password that results in a given encrypted string and they are
->in.
->
->Is it to do with the fact that Unix encrypts a constant string using the
->password as a key -- so it *is* possible to work back to that constant string,
->but you still know nothing about the password?
->
->Apologies to any cryptologists out there, to whom this must be obvious!
->
->Duncan.

I don't know exactly if this is true, but:
The input to crypt() is of course the salt, and a password of max. 8 bytes.
However, the MSB of every byte is stripped off!
So even if you could reverse crypt(), and the result has a byte > 127 in it,
the result would be useless. So you have to keep track of a lot of bits
if you want to reverse crypt(), right?

+===============================+============================================+
|                               |                                            |
| Miquel van Smoorenburg,       | It's nice to be important,                 |
| miquels@maestro.htsa.aha.nl   | but it's more important to be nice.        |
|                               |                                            |
+===============================+============================================+
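
Added example, not part of the original post or thread: a C sketch of the key setup used by the traditional DES-based crypt(3), which reads only the first 8 password bytes and keeps the low 7 bits of each, so distinct passwords can collapse to one 56-bit key and therefore one hash per salt. The function names `crypt_des_key` and `same_crypt_key` and the sample passwords are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Build the 8-byte DES key the way traditional DES-based crypt(3) does:
 * only the first 8 password bytes are read, only the low 7 bits of each
 * are kept, and they sit in the upper 7 bits of each key byte (the low
 * bit is the DES parity position, which the cipher ignores). */
void crypt_des_key(const char *password, unsigned char key[8])
{
    size_t i;
    memset(key, 0, 8);                    /* short passwords are zero-padded */
    for (i = 0; i < 8 && password[i] != '\0'; i++)
        key[i] = (unsigned char)((password[i] & 0x7f) << 1);
}

/* Return 1 if two passwords collapse to the same DES key, which means
 * they produce the same hash for any given salt. */
int same_crypt_key(const char *a, const char *b)
{
    unsigned char ka[8], kb[8];
    crypt_des_key(a, ka);
    crypt_des_key(b, kb);
    return memcmp(ka, kb, 8) == 0;
}

int main(void)
{
    /* Constructed sample passwords, not taken from the post. */
    const char *pairs[][2] = {
        { "password", "password123" }, /* bytes past the 8th are ignored */
        { "caf\xe9",  "cafi"        }, /* 0xE9 and 'i' (0x69) differ only in the MSB */
        { "secret",   "Secret"      }, /* bit 5 differs, so the keys differ */
    };
    size_t i;
    for (i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("%-10s vs %-12s -> %s\n", pairs[i][0], pairs[i][1],
               same_crypt_key(pairs[i][0], pairs[i][1]) ? "same key"
                                                        : "different key");
    return 0;
}
```

The effective input space is at most 2^56 keys regardless of password length or character set, which is one reason later schemes hash the full password instead of truncating it.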