Re: Passwd Encryption (Re: Linux security)
On Wed, 19 Aug 1998, Chris wrote:
: On Tue, 18 Aug 1998, Steve Lamb wrote:
:
: > On Tue, 18 Aug 1998 23:27:40 -0500 (CDT), Nathan E Norman wrote:
: >
: > >No. The first two characters of the "Encrypted password" field are the
: > >"salt"; the plaintext password collected from login or wherever is
: > >crypted using that salt, and the result compared to the entire field.
: >
: > Hrm, guess things have changed since the other nutshell book was printed.
: > :/
: >
: >
:
:
: An extract from the crypt(3) man page:
:
:
: crypt is the password encryption function. It is based on
: the Data Encryption Standard algorithm with variations
: intended (among other things) to discourage use of hardware
: implementations of a key search.
:
: key is a user's typed password.
:
: salt is a two-character string chosen from the set
: [a-zA-Z0-9./]. This string is used to perturb the algorithm
: in one of 4096 different ways.
:
: By taking the lowest 7 bit of each character of the key, a
: 56-bit key is obtained. This 56-bit key is used to
: encrypt repeatedly a constant string (usually a string
: consisting of all zeros). The returned value points to
: the encrypted password, a series of 13 printable ASCII
: characters (the first two characters represent the salt
: itself). The return value points to static data whose
: content is overwritten by each call.
Ah! Ok, I see what I was missing.
--
Nathan Norman
MidcoNet 410 South Phillips Avenue Sioux Falls, SD
mailto:finn@midco.net http://www.midco.net
finger finn@home.midco.net for PGP Key: (0xA33B86E9)
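
The field layout and key derivation quoted from crypt(3) above, as an added example that is not part of the original thread: it decodes the two-character salt of a 13-character field into its value out of 4096 and packs the lowest 7 bits of the first eight password characters into the 56-bit key, which shows why anything past the eighth character and the high bit of each byte add no strength. The function names are hypothetical, the sample field is constructed, and the DES rounds themselves are not performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Salt alphabet in the value order used by traditional crypt(3): "./0-9A-Za-z". */
static const char ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Map one character to its 6-bit value, or -1 if outside [a-zA-Z0-9./]. */
static int salt_char_value(char c) {
    const char *p = c ? strchr(ALPHABET, c) : NULL;
    return p ? (int)(p - ALPHABET) : -1;
}

/* Decode the salt from the first two characters of a 13-character field.
 * Returns 0..4095, or -1 if the field is not a well-formed traditional hash. */
int des_crypt_salt(const char *field) {
    if (field == NULL || strlen(field) != 13) return -1;
    for (size_t i = 0; i < 13; i++)
        if (salt_char_value(field[i]) < 0) return -1;
    /* First character carries the low 6 bits, second the high 6 bits. */
    return salt_char_value(field[0]) | (salt_char_value(field[1]) << 6);
}

/* Pack the lowest 7 bits of each of the first 8 password characters into a
 * 56-bit value; shorter passwords are zero-padded, longer ones truncated. */
uint64_t des_crypt_key56(const char *password) {
    uint64_t key = 0;
    size_t len = strlen(password);
    for (size_t i = 0; i < 8; i++) {
        uint64_t bits = (i < len) ? ((unsigned char)password[i] & 0x7f) : 0;
        key = (key << 7) | bits;
    }
    return key;
}

int main(void) {
    const char *field = "ab0123456789.";   /* constructed, not a real hash */
    printf("salt value: %d of 4096\n", des_crypt_salt(field));
    printf("key(\"password1\") = %014llx\n",
           (unsigned long long)des_crypt_key56("password1"));
    printf("key(\"password2\") = %014llx\n",
           (unsigned long long)des_crypt_key56("password2"));
    return 0;
}
```

Both sample passwords print the same key, so on a system still using this scheme they are interchangeable at login.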