Re: Password encryption
On Thu, Nov 04, 1999 at 08:55:50PM -0500, Greg Wooledge wrote
> Pann McCuaig (pann@ourmanpann.com) wrote:
> > On Wed, Nov 03, 1999 at 22:24, Greg Wooledge wrote:
> > > Pann McCuaig (pann@ourmanpann.com) wrote:
>
> > > > What do you call "discovering" a weak password using the tools created
> > > > for that purpose?
>
> > > It is most certainly not decryption. We usually call it "cracking",
> > > or more specifically, "brute-force cracking".
>
> > Please define decryption for me. In my state of ignorance I would have
> > thought a simple definition would be "recovering plaintext from
> > ciphertext" and wouldn't speak to method.
>
> Well, I'm no cryptographer. But I always think of decryption as the
> deterministic inverse of encryption. Brute-force cryptanalysis is more
> like guesswork.
>
Even worse, there's no guarantee with regard to UNIX password authentication
that the recovered password is the plaintext password set by the user - all
you know for sure is that it produces the same hashed string, although that
is all you need for this application.
John P.
--
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
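
As an added illustration of the point in the message above (not part of the original thread): the login check only compares hashes, so any input that hashes to the stored string is accepted, whether or not it is what the user typed when setting the password. `toy_crypt` is a constructed stand-in, not real crypt(3); as an assumption modelled on traditional DES-based crypt(3), it only looks at the first eight characters. All passwords, the salt and the candidate list are constructed sample values.

```python
import hashlib
import hmac
from typing import Iterable, Optional

def toy_crypt(password: str, salt: str) -> str:
    """Constructed one-way hash for illustration only (NOT real crypt(3)).

    Assumption: like traditional DES-based crypt(3), only the first
    eight characters of the password influence the result.
    """
    significant = password[:8]
    digest = hashlib.sha256((salt + significant).encode()).hexdigest()
    return salt + "$" + digest

def verify(candidate: str, stored: str) -> bool:
    """What a login check does: re-hash the candidate with the stored salt
    and compare. The original plaintext is never recovered or consulted."""
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(toy_crypt(candidate, salt), stored)

def first_match(stored: str, candidates: Iterable[str]) -> Optional[str]:
    """Return the first candidate the check accepts, as a password audit
    would. A match proves 'hashes to the same string', nothing more."""
    for candidate in candidates:
        if verify(candidate, stored):
            return candidate
    return None

# Constructed sample data.
SET_BY_USER = "correcthorsebattery"
STORED = toy_crypt(SET_BY_USER, "ab")
CANDIDATES = ["letmein", "correcth", "correcthorsebattery"]

if __name__ == "__main__":
    found = first_match(STORED, CANDIDATES)
    print("audit reports      :", found)
    print("user actually set  :", SET_BY_USER)
    print("same string?       :", found == SET_BY_USER)
    print("accepted at login? :", verify(found, STORED))
```
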