Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!ncar!boulder!sunybcs!bingvaxu!leah!itsgw!steinmetz!uunet!uvm-gen!tnl!norstar From: norstar@tnl.UUCP (Daniel Ray) Newsgroups: comp.unix.wizards Subject: Re: random passwords (was Re: Worm...) Summary: irreversible encryption Message-ID: <120@tnl.UUCP> Date: 5 Dec 88 21:24:10 GMT References: <28399@tut.cis.ohio-state.edu> <278@aber-cs.UUCP> <9119@rpp386.Dallas.TX.US> Distribution: eunet,world Organization: The Northern Lights, Burlington VT Lines: 31 In article <9119@rpp386.Dallas.TX.US>, jfh@rpp386.Dallas.TX.US (The Beach Bum) writes: > > and grep the password file why is everyone so sure that a mainframe > > cannot be used to reverse the encryption routine? > > The former is much simpler than the later. I can encrypt a dictionary on > an unused PC running UNIX. Trying to reverse [ brute-force decrypt is > more like it ] a password on a PC would take significantly more time than > you or I have on this earth. > -- > John F. Haugh II +-Cat of the Week:--------------_ /|- Correct me if I'm wrong, but I recall reading one of the old UNIX abstracts (in the back of "UNIX System Security" by Wood & Kochan, Hayden Books) that states that the crypt() routine IRREVERSIBLY encrypts a password. As a trivial example: lets say we encrypt the alphabet..A is mapped to B, B to C, C to D, etc, except that both Y and Z are mapped to Z. The encrypted text of the word "ZOO" would be "ZPP". Easy to do. However, by knowing that the ciphered text is "ZPP", can one reverse it? No, because both "ZOO" and "YOO" encrypt to that. I thought crypt() was like this in a much more sophisticated way, and that there exists the remote but theoretical possibility of password collision (two different passwords encrypting to the same string using the same salt). Is this true, or am I all mixed up :@) !! norstar The Northern Lights, Burlington Vermont | tnl dialins: 802-865-3614 at 300-2400 bps. ` | / ------------------------------------------ --- * --- uucp: uunet!uvm-gen!tnl!norstar or / | . {decvax,linus}!dartvax!uvm-gen!tnl!norstar |