
Re: makepasswd: naive question



> Tom Zych wrote:
> > Jerome BENOIT wrote:
> >
> >
> >>We can generate encrypted passwords with `makepasswd',
> >>but how can we decrypt them ?
> >
> > You can't. It's a one-way trapdoor function. Wouldn't be much point
> > in using it otherwise.
> >
> I guess that I missed something:
> I want to protect some ZiP floppy with passwords generated by makepasswd,
> and maintain a list of ZiP encrypted passwords as root:
> I guess that I have to decrypt the passwords to use them
> in view to unprotect my ZiP floppies.
> Can we do that ?

Well yes. That kind of encryption has to use a symmetric encryption
algorithm (i.e. one that can be undone!). There are kernel patches
available to encrypt filesystems. I'm sure that there are other ways of
doing this too.

makepasswd simply generates memorable random passwords. For a normal
user account, what happens is that the password is taken, repeated a
number of times, and then an md5sum is taken and stored in /etc/shadow.

When you enter your password to log in, the password is repeated and the
md5sum found and then the two are compared. The point is that
(theoretically) there is no way of going from the md5sum back to the
password. Therefore you can distribute your /etc/shadow file and be
happy that no one can use an algorithm to go from the md5sum back to
your password. Of course, brute force solutions exist! ;-)

For encryption, the password acts as a key which works with the
algorithm employed (tripleDES, blowfish, SHA1, RSA, etc etc) to either
encrypt or decrypt the data as required. Think of it as the algorithm is
the filing cabinet and your password is the key to the filing cabinet:
only with the key can you get inside and read the data.

As for how to actually do this, I've no idea! I am aware that there are
kernel patches available, and some dists have the default kernels with
the patches compiled in. Debian does not so you will need to roll your
own kernel (a good idea anyway). There's most likely a HOWTO available,
so find it with Google and read! :-)

Good luck

Matthew

-- 

Matthew Sackman
Nottingham
England

BOFH Excuse Board:
not properly grounded, please bury computer
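
The contrast drawn in the message above, between a stored login hash that is only ever recomputed and compared and password-keyed encryption that can be undone, as an added example that is not part of the original post. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of the md5 scheme the message describes, and an HMAC-based keystream as a stand-in cipher; all function names and the sample password are assumptions made for this illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """One-way: return (salt, digest). Only these are stored, never the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(candidate, salt, stored):
    """Login check: re-hash the candidate and compare. Nothing is decrypted."""
    return hmac.compare_digest(hash_password(candidate, salt)[1], stored)

def _keys(password, salt):
    """Derive separate encryption and MAC keys from the password."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (same call both ways)."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(password, plaintext):
    """Two-way: the password is the key, so the data can be recovered with it."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    body = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return salt + nonce + tag + body

def decrypt(password, blob):
    salt, nonce, tag, body = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted data")
    return _xor_stream(enc_key, nonce, body)

if __name__ == "__main__":
    salt, stored = hash_password("constructed-example-pw")   # constructed sample
    print(verify_password("constructed-example-pw", salt, stored))
    blob = encrypt("constructed-example-pw", b"files on the Zip disk")
    print(decrypt("constructed-example-pw", blob))
```

For real data, the same split applies with a maintained encryption tool doing the two-way part; the stand-in cipher here exists only so the example runs with the standard library alone.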

