Re: Linux security
On Tue, Aug 18, 1998 at 09:43:13PM -0500, Nathan E Norman wrote:
> However, let's assume someone grabs a copy of your /etc/passwd file, and
> you aren't using shadow passwords. All is not lost (yet). See, you
> can't decrypt the information stored on disk - your plaintext password
> is encrypted using a one-way hash (the crypt function), and every time
> you are prompted for your password your INPUT is again encrypted, and
> compared to the already encrypted version stored on disk.
I thought what happened was that the password entered is used to encrypt
a string of 0's and the encoded (not encrypted) password is also used to
encrypt the same string of 0's and if they match the password is correct.
--
Steve C. Lamb | Opinions expressed by me are not my
http://www.calweb.com/~morpheus | employer's. They hired me for my
CC: from news not wanted or appreciated| skills and labor, not my opinions!
---------------------------------------+-------------------------------------
Reply to: