[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-security
Subject:    Re: [suse-security] Password Encryption
From:       Steve <steve () videogroup ! com>
Date:       2002-07-10 16:32:32
[Download RAW message or body]

To simplify;

You run a process which basically takes your password and turn it into a 
number format, does some addition and subtraction to it  and converts it into 
characters and stores it. Looking at the result does not tell you what you 
started with. It's like you typed 25 but it stores 4513. You cannot reverse 
it and get 25. 

So the password you type is processed and the result of that process is then 
stored in /etc/shadow. So it's the result, not the original password you 
typed, that is kept. 

When you login the same process is run and the result is now compared to the 
result stored in /etc/shadow. I.e. the two results are compared.

>Wait! and read aloud after me: "The password is *not* encrypted." Take a
>deep breath. Now repeat it, please.
>
>The password is in fact hashed. The resulting hash is stored in /etc/shadow.
>The password is gone after that, there's no trace of it left.
>
>What then happens, when you login, is that the password you supply to the
>system is hashed and the hash is compared to the one stored in /etc/shadow.
>If they match, you're in, if they don't, you're not.
>
>As Olaf has repeatedly said, in the case where DES is used, the salt is
>encrypted using the password as a key to get the 'hash'.
>
>However, if you're using 'MD5 passwords' (which is something of a misnomer,
>of course), DES isn't involved.
>
>Someone correct me if I'm wrong.
>
>Cheers
>Tobias

-- 
 
Steve Szmidt
V.P. Information Technology
Video Group Distributors, Inc.

-- 
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic