Re: Linux and Security
On Wed, 19 Aug 1998, Joey Hess wrote:
> George Bonser wrote:
> > On Wed, 19 Aug 1998, Michael Beattie wrote:
> >
> > > Okay, true, but it was more of a feasibility question, "if you can get the
> > > string, is it possible to use the following method to decrypt it??"
> >
> > Sure ... the login program has to decrypt it, doesn't it? You can
> > cut/paste passwd entries between linux systems ... the encrypted password
> > is not system-specific.
>
> No, it's not reversible. There is no way to get the original password from
> the data in the shadow password file.
>
> Login simply takes the password the user enters, encrypts it using crypt(),
> and compares it with what's in the password file. No decryption is done.
Actually a one way hash is used, not encryption. This is why it is not
possible to decrypt it -- it quite simply is not encrypted in the first
place.
- Kyle
Kyle Amon email: amonk@raleigh.ibm.com
Unix Systems Administrator phone: (203) 486-3290
Security Specialist pager: 1-800-759-8888 PIN 1616512
IBM Global Services or 1616512@skytel.com
email: amonk@gnutec.com
url: http://www.gnutec.com/kyle
KeyID 1024/26DD13D9
Fingerprint = 7D 86 D1 AE 4B E9 91 6A 4B BC B5 B4 12 F0 D3 1A
"GNU does not eliminate all the world's problems, only some of them."
- Richard Stallman
The GNU Manifesto, 1985
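
The hash-and-compare check described in this thread, as an added example that is not part of the original messages. It assumes PBKDF2-HMAC-SHA256 from Python's hashlib as a stand-in for the crypt() algorithm, a constructed `salt$digest` entry format, and hypothetical function names `make_entry` and `check_login`.

```python
import hashlib
import hmac
import os
from typing import Optional

# Stand-in one-way function: PBKDF2-HMAC-SHA256, NOT the crypt(3) algorithm
# discussed in the thread. The "salt_hex$digest_hex" layout is constructed
# for this example and is not the real shadow file format.
ITERATIONS = 100_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_entry(password: str, salt: Optional[bytes] = None) -> str:
    """Build the stored entry. Only salt and digest are kept, never the password."""
    salt = os.urandom(16) if salt is None else salt
    return f"{salt.hex()}${_hash(password, salt).hex()}"


def check_login(entered: str, entry: str) -> bool:
    """Re-hash the entered password with the stored salt and compare digests.

    Nothing is decrypted: there is no function here that maps entry -> password.
    Every input needed for the check is inside the entry itself, which is why an
    entry copied to another system still verifies there.
    """
    try:
        salt_hex, digest_hex = entry.split("$", 1)
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        # Malformed or placeholder field (for example "*"): no password can match.
        return False
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(_hash(entered, salt), stored)


if __name__ == "__main__":
    entry = make_entry("correct horse")           # constructed sample password
    print(entry)
    print(check_login("correct horse", entry))    # same password, same salt
    print(check_login("wrong guess", entry))      # different digest
    print(check_login("anything", "*"))           # placeholder field never matches
```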