Re: Password encryption

To: Debian Users <debian-user@lists.debian.org>
Subject: Re: Password encryption
From: Nathan E Norman <finn@midco.net>
Date: Thu, 4 Nov 1999 09:12:27 -0600 (CST)
Message-id: <[🔎] Pine.LNX.4.10.9911040906260.12214-100000@volta.midco.net>
In-reply-to: <[🔎] 19991103211124.D5904@desktop.ourmanpann.com>

On Wed, 3 Nov 1999, Pann McCuaig wrote:

 : On Wed, Nov 03, 1999 at 22:24, Greg Wooledge wrote:
 : > Pann McCuaig (pann@ourmanpann.com) wrote:
 : > 
 : > > What do you call "discovering" a weak password using the tools created
 : > > for that purpose?
 : > 
 : > It is most certainly not decryption.  We usually call it "cracking",
 : > or more specifically, "brute-force cracking".
 : 
 : Please define decryption for me. In my state of ignorance I would have
 : thought a simple definition would be "recovering plaintext from
 : ciphertext" and wouldn't speak to method.

You're close - however, encryption and decryption both refer to the
application of an algorithm to data.

Password crackers don't employ an algorithm against the password data;
rather, they employ a hash algorithm (hopefully the same one that was
used to encrypt the passwords in the first place) against suspected
plaintext passwords and compare that result to the crypted values in the
password file.

Password encryption is one way: plain-text to "crypted" data.  When you
log in, whatever you enter at the password prompt is encrypted using the
same algorithm, and the result is compared to the data in the password
file (sound familiar? :)

Regards,

--
Nathan Norman
MidcoNet  410 South Phillips Avenue  Sioux Falls, SD
mailto:finn@midco.net           http://www.midco.net
finger finn@home.midco.net for PGP Key: (0xA33B86E9)

Reply to:

References:
- Re: Password encryption
  - From: Pann McCuaig <pann@ourmanpann.com>

Prev by Date: Re: Another Crazy DNS Question... ;-)
Next by Date: Re: A few questions.
Previous by thread: Re: Password encryption
Next by thread: Re: Password encryption
Index(es):
- Date
- Thread