Re: Password encryption
On Wed, 3 Nov 1999, Pann McCuaig wrote:
: On Wed, Nov 03, 1999 at 22:24, Greg Wooledge wrote:
: > Pann McCuaig (firstname.lastname@example.org) wrote:
: > > What do you call "discovering" a weak password using the tools created
: > > for that purpose?
: > It is most certainly not decryption. We usually call it "cracking",
: > or more specifically, "brute-force cracking".
: Please define decryption for me. In my state of ignorance I would have
: thought a simple definition would be "recovering plaintext from
: ciphertext" and wouldn't speak to method.
You're close - however, encryption and decryption both refer to the
application of an algorithm to data.
Password crackers don't employ an algorithm against the password data;
rather, they employ a hash algorithm (hopefully the same one that was
used to encrypt the passwords in the first place) against suspected
plaintext passwords and compare that result to the crypted values in the
Password encryption is one way: plain-text to "crypted" data. When you
log in, whatever you enter at the password prompt is encrypted using the
same algorithm, and the result is compared to the data in the password
file (sound familiar? :)
MidcoNet 410 South Phillips Avenue Sioux Falls, SD
finger email@example.com for PGP Key: (0xA33B86E9)