[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Unix User Password File Encryption
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 2 Nov 1996, Erp wrote:
> Basically it would take a beginning word and encrypt it with the same salt
> as used on the password in the passwd file. So let us say that for an
> example our salt is aa, our outcome encrypted password is X8mfjs53D ...
> Ok now let us say that we take this salt of aa and run through the
> following into it and getting these patterns from it (these aren't the
> true patterns etc, I'm just making htese things up, but would it be
> possible?)
>
> salt aa -- inputed password 0001 -- outcome encryption Zkdrj234S
> salt aa -- inputed password 0002 -- outcome encryption Rksjr342s
> salt aa -- inputed password 0003 -- outcome encryption 25Svj43zY
[rest deleted]
There aren't any known patterns that can be exploited. The output of DES
encryption 25 times generates pseudo-random output. If a pattern did exist,
cryptanalysis of DES would be very easy.
Mark
- --
finger -l for PGP key
PGP encrypted mail prefered.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQEVAwUBMnuMoSzIPc7jvyFpAQFePAgAjOfKSSjpXE20g4+3t6PSz1bD+7tSd5Yi
mTjt5zlS/D9NGEXoVkuYI/j7KS+Iic7eNhEUTr8KuUpIS+MUIB0BKHLM0LyaFHmG
dgd2LoqVHoC8vEIwFDxXR/vE+Jt51bFXs2/eKksyqJKLrI6g1i+foANLOBhhxobI
I07Z+mQ7XEsKe6C7eEuElvd4qY6Zis0WJD7lj/c9tOPg3wjGCIohgeclwgByqBvd
6kuxu9b2unFpbcsaICqtxJiHqgJAWjuE0FEz3wkKakIKAwmDmJ1mpru4dP73OwCc
qt5TCytlKq7VN75QawK/YlNX3h24QnyXB/Zo6MOSQCcYGn7UmB/3nA==
=fv2A
-----END PGP SIGNATURE-----