Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!uakari.primate.wisc.edu!uflorida!haven!adm!news
From: mchinni@pica.army.mil (Michael J. Chinni, SMCAR-CCS-E)
Newsgroups: comp.unix.questions
Subject: Re: passwds and crypt(3)...
Message-ID: <21966@adm.BRL.MIL>
Date: 4 Jan 90 18:48:49 GMT
Sender: news@adm.BRL.MIL
Lines: 32

In article dated <3 Jan 90 20:41:03 GMT> Jonathan Kamens writes:
> In article <1990Jan3.103141.9903@gdt.bath.ac.uk>, exspes@gdr.bath.ac.uk
> (P E Smee) writes:
> > Unstated, but implicit, is the fact that it is even worse if the perpetrator
> > just wants to break *some* password(s), not necessarily yours. Having
> > encrypted a 'trial' password once, it can then be checked against all
> > encrypted passwords in /etc/passwd to see if it gets any hits.
>
> No, that's the whole point of the seed. The seed is *different* for
> each encrypted password in the /etc/passwd file (or, at the very least,
> there are a number of different seeds), so trial passwords must be
> encrypted in each possible seed before they can be compared to encrypted
> passwords.

The encryption of a trial password with all possible seeds may be required to
guarantee a match; I don't think it is necessary for a match. The way I
understand the password encryption is that multiple different clear-text
passwords will NEVER encrypt to the same encrypted password. Given you encrypt
a trial password, and then check it against the /etc/passwd file. Doing this
you are not assured of finding all accounts whose password is the same as your
trial one, but you may find a match (which would mean you matched clear-text
and seed).

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Michael J. Chinni
Chief Scientist, Simulation Techniques and Workplace Automation Team
US Army Armament Research, Development, and Engineering Center
Picatinny Arsenal, New Jersey
ARPA: mchinni@pica.army.mil
UUCP: ...!uunet!pica.army.mil!mchinni

User to skeleton sitting at cobweb and dust covered workstation:
"System been down long?"
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
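
The seed (salt) behaviour debated in this thread, as an added example that is not part of any poster's message: an administrator checking a password file for one known-weak password, first hashing it under a single salt and then once per distinct salt present. PBKDF2 is swapped in for the DES-based crypt(3) so the code runs anywhere; the user names, salts, passwords and function names are constructed for illustration.

```python
import hashlib

def salted_hash(password: str, salt: str) -> str:
    """Stand-in for crypt(3) (assumption: PBKDF2 replaces the DES routine).
    The 2-character salt is stored as a prefix, as in /etc/passwd."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 1000)
    return salt + digest.hex()[:22]

# Constructed sample entries: (user, salt, password that user chose).
_SAMPLE = [
    ("alice", "ab", "wombat"),
    ("bob",   "ab", "tr0ub4dor"),
    ("carol", "Xq", "wombat"),
    ("dave",  "7z", "wombat"),
    ("erin",  "Xq", "zebra42"),
]
PASSWD = {user: salted_hash(pw, salt) for user, salt, pw in _SAMPLE}

def salt_of(stored: str) -> str:
    return stored[:2]

def match_one_salt(trial: str, salt: str, passwd: dict) -> list:
    """Hash the trial once, under one salt, and compare with every entry.
    Only entries that happen to carry that same salt can match."""
    candidate = salted_hash(trial, salt)
    return sorted(u for u, stored in passwd.items() if stored == candidate)

def audit(trial: str, passwd: dict) -> tuple:
    """Hash the trial once per distinct salt in the file.
    Returns (users with that password, number of hash computations)."""
    by_salt = {}
    for user, stored in passwd.items():
        by_salt.setdefault(salt_of(stored), []).append((user, stored))
    hits = []
    for salt, entries in by_salt.items():
        candidate = salted_hash(trial, salt)
        hits += [u for u, stored in entries if stored == candidate]
    return sorted(hits), len(by_salt)

if __name__ == "__main__":
    print(match_one_salt("wombat", "ab", PASSWD))  # one salt: partial coverage
    print(audit("wombat", PASSWD))                 # every salt: full coverage
```

The cost of a complete check grows with the number of distinct salts in the file, not with the number of accounts.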