Re: Linux and Security

To: grep@oriole.sbay.org, Michael Beattie <mickyb@es.co.nz>
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: Linux and Security
From: Joey Hess <joey@kitenet.net>
Date: Wed, 19 Aug 1998 00:26:32 -0700
Message-id: <[🔎] 19980819002632.R11540@kitenet.net>
Mail-followup-to: grep@oriole.sbay.org, Michael Beattie <mickyb@es.co.nz>, Debian User List <debian-user@lists.debian.org>
In-reply-to: <[🔎] Pine.LNX.3.96.980818234258.29072F-100000@calvin.shorelink.com>; from George Bonser on Tue, Aug 18, 1998 at 11:44:05PM -0700
References: <[🔎] Pine.LNX.3.96.980819181719.1939A-100000@omnic.rumpus.net> <[🔎] Pine.LNX.3.96.980818234258.29072F-100000@calvin.shorelink.com>

George Bonser wrote:
> On Wed, 19 Aug 1998, Michael Beattie wrote:
> 
> > Okay, true, but it was more of a feasability question, "if you can get the
> > string, is it possible to use the following method to decrypt it??"
> 
> Sure ... the login program has to decrypt it, doesn't it? You can
> cut/paste passwd entries between linux systems ... the encrypted password
> is not system-specific.

No, it's not reversable. There is no way to get the original password from
the data in the shadow password file.

Login simply takes the password the user enters, encrypts it using crypt(), 
and compares it with that's in the password file. No decryption is done.

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: Linux and Security
  - From: George Bonser <grep@shorelink.com>
- Re: Linux and Security
  - From: Kyle Amon <amonk@gnutec.com>

References:
- Re: Linux and Security
  - From: Michael Beattie <mickyb@es.co.nz>
- Re: Linux and Security
  - From: George Bonser <grep@shorelink.com>

Prev by Date: Re: Libforms?
Next by Date: Re: Linux and Security
Previous by thread: Re: Linux and Security
Next by thread: Re: Linux and Security
Index(es):
- Date
- Thread