Re: crypt

To: Rick Jones <rickya@siservices.net>
Cc: Nathan E Norman <nnorman@cfni.com>, Timothy Phan <tphan@asl.dl.nec.com>, Debian User <debian-user@lists.debian.org>
Subject: Re: crypt
From: Dale Martin <dmartin@ececs.uc.edu>
Date: 31 May 1997 10:09:14 -0400
Message-id: <ukwn2pbg2d1.fsf@helga.ece.uc.edu>
In-reply-to: Rick Jones's message of Fri, 30 May 1997 14:15:50 -0400 (EDT)
References: <Pine.LNX.3.96.970530133437.7273A-100000@localhost.localnet.>

Rick Jones <rickya@siservices.net> writes:

> This is completely false.  I don't care what is done to a password.  If it
> is constant and repeatable, as password's need to be, then it's only a
> matter of time.  If the method is public knowledge as with the source code
> to encrypt passwords, it can be decrypted in no time.

What if two passwords hash to the same value?  How is it possible to
do a reverse lookup on that hash?  Yet, you can still verify that the
password a user is attempting log in with hashed to the same thing it
did when they ran "passwd".  

Now, if you can generate ONE of the passwords that hashes to a
particular value, then I guess you're in business anyways, but you
still didn't necessarily get the same password back.

Later,
	Dale

-- 
+--------------------  finger for pgp public key  ---------------------+
| Dale E. Martin | University of Cincinnati Savant Research Laboratory |
| dmartin@ececs.uc.edu    |     http://www.ececs.uc.edu/~dmartin       |
+----------------------------------------------------------------------+

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: crypt
  - From: Rick Jones <rickya@siservices.net>

Prev by Date: How much space for mirror?
Next by Date: GDB
Previous by thread: Re: crypt
Next by thread: Source code analyzer/debugger for X
Index(es):
- Date
- Thread