Re: Linux security

To: Nathan E Norman <finn@midco.net>
Cc: randyh@getaway.net, debian-user@lists.debian.org
Subject: Re: Linux security
From: Steve Lamb <morpheus@calweb.com>
Date: Tue, 18 Aug 1998 20:25:58 -0700
Message-id: <[🔎] 19980818202558.20355@calweb.com>
Reply-to: Steve Lamb <morpheus@calweb.com>
In-reply-to: <[🔎] Pine.LNX.3.96.980818212143.19138B-100000@brahe.midco.net>; from Nathan E Norman on Tue, Aug 18, 1998 at 09:43:13PM -0500
References: <[🔎] m0z8ouB-0004moC@odvar> <[🔎] Pine.LNX.3.96.980818212143.19138B-100000@brahe.midco.net>

On Tue, Aug 18, 1998 at 09:43:13PM -0500, Nathan E Norman wrote:
> However, let's assume someone grabs a copy of your /etc/passwd file, and
> you aren't using shadow passwords.  All is not lost (yet).  See, you
> can't decrypt the information stored on disk - your plaintext password
> is encrypted using a one-way hash (the crypt function), and every time
> you are prompted for your password your INPUT is again encrypted, and
> compared to the already encrypted version stored on disk.

    I thought what happened was that the password entered is used to encrypt
a string of 0's and the encoded (not encrypted) password is also used to
encrypt the same string of 0's and if they match the password is correct.


-- 
             Steve C. Lamb             | Opinions expressed by me are not my
    http://www.calweb.com/~morpheus    | employer's.  They hired me for my
CC: from news not wanted or appreciated| skills and labor, not my opinions!
---------------------------------------+-------------------------------------

Reply to:

Follow-Ups:
- Re: Linux security
  - From: Nathan E Norman <finn@midco.net>

References:
- Linux security
  - From: randyh@getaway.net
- Re: Linux security
  - From: Nathan E Norman <finn@midco.net>

Prev by Date: Re: Linux security
Next by Date: Re: Linux security
Previous by thread: Re: Linux security
Next by thread: Re: Linux security
Index(es):
- Date
- Thread