Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!nic.csu.net!csun!kithrup!sef
From: sef@kithrup.COM (Sean Eric Fagan)
Newsgroups: comp.unix.admin
Subject: Re: Uninvertible passwd encryption (was: Re: Kmem security)
Message-ID: <1991Mar21.203146.4222@kithrup.COM>
Date: 21 Mar 91 20:31:46 GMT
References: <1991Mar19.231715.28594@comp.vuw.ac.nz>
Organization: Kithrup Enterprises, Ltd.
Lines: 26

In article <1991Mar19.231715.28594@comp.vuw.ac.nz> duncan@comp.vuw.ac.nz (Duncan McEwan) writes:
>Exactly why is the Unix password encryption algorithm
>uninvertible?

You should take this to sci.crypt, as people there would love to bore you
to death with details about it.  But here is my (albeit limited)
understanding of it:

The algorithm is uninvertible (vertible?) because you cannot get to the
previous value in any step.  That is, the password starts out, and gets
munged 8 (I think; could be some other number) times, with the output of
each time being used as the input of the next iteration.  Now, the
function used to "munge" it does not have a one-to-one mapping.  That is,
for each output, there are many possible inputs (or the other way around,
possibly).  Let's say that, for each possible output, there are 8 possible
inputs.  As a result, you have to worry about 8**8 (16777216) possible
intermediate steps if you reverse it, the final one of which is a password.

Anyway, if I'm wrong, I apologise.  I was half-asleep during the talk I
went to about this... 8-(

-- 
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef@kithrup.COM  | I had a bellyache at the time."
-----------------+ -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.
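The mechanism the post describes (a many-to-one "munge" step applied repeatedly, so that walking it backwards fans out into many candidate chains) can be modelled directly. The following is an added example, not code from the post or from any real crypt(3) implementation: the round function, the 12-bit domain, the round count of 8 and the sample "password" 0x2A7 are all constructed here for illustration. Classic crypt(3) is in fact DES with the password used as the key and a constant block as plaintext, applied repeatedly with a salt-perturbed expansion; the toy below only reproduces the iterated many-to-one structure the post reasons about, and also shows what an attacker does instead of reversing it.

```python
"""Toy model of an iterated, many-to-one round function and what inverting
it costs.  Added example, not from the original post or from crypt(3).
The round function, the 12-bit domain and the round count are assumptions
made here for illustration; they are NOT crypt(3)'s internals."""
from collections import defaultdict

DOMAIN_BITS = 12          # assumption: tiny domain so the whole space is enumerable
DOMAIN = 1 << DOMAIN_BITS
MASK = DOMAIN - 1
ROUNDS = 8                # the post's "munged 8 times"


def munge(x: int) -> int:
    """One round.  Squaring mod 2^n is deliberately not injective: x, -x,
    x + 2^(n-1) and -x + 2^(n-1) all square to the same value, so every
    output of this step has several preimages.  The xor/shift part only
    mixes bits and does not change that."""
    y = (x * x + 0x9E3) & MASK
    return (y ^ (y >> 3) ^ ((y << 5) & MASK)) & MASK


def hash_chain(password: int, rounds: int = ROUNDS) -> int:
    """Feed each round's output into the next, as the post describes."""
    x = password & MASK
    for _ in range(rounds):
        x = munge(x)
    return x


def preimage_table() -> dict:
    """Map every round output to every input that produces it (whole domain)."""
    table = defaultdict(list)
    for x in range(DOMAIN):
        table[munge(x)].append(x)
    return table


def max_fan_in(table: dict) -> int:
    """Largest number of inputs sharing one round output (>1 means many-to-one)."""
    return max(len(v) for v in table.values())


def invert(final: int, rounds: int, table: dict) -> set:
    """Walk the preimage tree backwards one round at a time.  Each level can
    fan out; every surviving candidate really does hash to `final`."""
    candidates = {final}
    for _ in range(rounds):
        candidates = {p for c in candidates for p in table.get(c, ())}
    return candidates


def chains_explored_bound(branching: int, rounds: int) -> int:
    """The post's estimate: b preimages per step over k steps gives b**k chains."""
    return branching ** rounds


def brute_force(final: int, rounds: int = ROUNDS) -> set:
    """What an attacker actually does: try candidate passwords forwards and
    keep the ones whose hash matches.  No inversion of the step is needed."""
    return {p for p in range(DOMAIN) if hash_chain(p, rounds) == final}


if __name__ == "__main__":
    table = preimage_table()
    secret = 0x2A7                      # constructed sample "password"
    h = hash_chain(secret)
    print("max preimages of one round output:", max_fan_in(table))
    print("candidates found by walking backwards:", len(invert(h, ROUNDS, table)))
    print("post's 8**8 estimate:", chains_explored_bound(8, 8))
    print("backwards walk == forward brute force:",
          invert(h, ROUNDS, table) == brute_force(h))
```

Two things worth noticing when running it. First, the backward walk does fan out at every level exactly as the post says, and it never tells you which candidate was the original password, only the set of values that hash to the same result. Second, once the whole domain fits in a table, `invert` and `brute_force` return identical sets: the branching of the round function is not what protects a real password hash, the size of the space the attacker must enumerate forwards is, which is why dictionary attacks against /etc/passwd hashes work and why the salt and the iteration count matter.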