|
Home > Archive > Unix administration > December 2007 > Unix password encryption algorithm
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Unix password encryption algorithm
|
|
| Taras_96 2007-10-30, 1:36 am |
| Hi everyone,
I'm interested in knowing the algorithmic details of the password
encryption mechanism in unix. I have read the article at:
http://members.value.com.au/christie/usenix91.htm but found the
description of key generation and DEA a bit confusing. Does anyone
know of some online resources that goes through an encryption or a
particular example?
Thanks
Taras
| |
| Michael Vilain 2007-10-30, 7:32 am |
| In article <1193722881.619236.13640@z24g2000prh.googlegroups.com>,
Taras_96 <taras.di@gmail.com> wrote:
> Hi everyone,
>
> I'm interested in knowing the algorithmic details of the password
> encryption mechanism in unix. I have read the article at:
> http://members.value.com.au/christie/usenix91.htm but found the
> description of key generation and DEA a bit confusing. Does anyone
> know of some online resources that goes through an encryption or a
> particular example?
>
> Thanks
>
> Taras
http://www.XXXXinggoogleit.com/
--
DeeDee, don't press that button! DeeDee! NO! Dee...
| |
| Bill Vermillion 2007-10-30, 7:32 am |
| In article <1193722881.619236.13640@z24g2000prh.googlegroups.com>,
Taras_96 <taras.di@gmail.com> wrote:
>Hi everyone,
>
>I'm interested in knowing the algorithmic details of the password
>encryption mechanism in unix. I have read the article at:
>http://members.value.com.au/christie/usenix91.htm but found the
>description of key generation and DEA a bit confusing. Does anyone
>know of some online resources that goes through an encryption or a
>particular example?
>
>Thanks
>
>Taras
Actually the DES is considered pretty old by some Unix or
Unix like systems. Those are often using MD5 or blowfish for
encryption.
The old DES only had 4096 salts in it, MD5 reachs into the billions
- or more depending upon the parameters passed to it.
With the old system you could encode full dictionaries with
the 4096 salts, and then if you could capture a password file
you just searched the dictionaries for the encrypted word.
The word you got back would work, but it would not be guarantted
to be the world that was used in the original encryption, as other
password sequences could possible generate the same key, but
as long as you could break in with the password in the dictionaries
who cared?
Bill
--
Bill Vermillion - bv @ wjv . com
| |
| Taras_96 2007-11-01, 1:28 pm |
| Thanks for the info Bill
| |
| Taras_96 2007-11-01, 7:20 pm |
| X-No-Archive:
>
> http://www.XXXXinggoogleit.com/
>
ihaveXXXXinggoogledit.com
Where do you think I got that resource from?
I have yet to find an example that goes through a single iteration of
the encryption with actual letters
> --
> DeeDee, don't press that button! DeeDee! NO! Dee...
| |
| zeroguy 2007-11-01, 7:20 pm |
| On 1 Nov 2007 15:22:23 -0700
Taras_96 <taras.di@gmail.com> wrote:
> ihaveXXXXinggoogledit.com
NXDOMAIN
| |
| Dave Hinz 2007-11-02, 1:31 am |
| On 1 Nov 2007 15:22:23 -0700, Taras_96 <taras.di@gmail.com> wrote:
> X-No-Archive:
>
> ihaveXXXXinggoogledit.com
> Where do you think I got that resource from?
Wow. What an odd way to present yourself to a group you're asking for
help. I suggest you now google for an article called "how to ask
questions the smart way", and read it and learn from it before you're
programatically ignored by those you want help from.
| |
| Taras_96 2007-11-11, 1:27 pm |
| On Nov 2, 10:40 am, Dave Hinz <DaveH...@gmail.com> wrote:
> On 1 Nov 2007 15:22:23 -0700, Taras_96 <taras...@gmail.com> wrote:
>
>
>
>
> Wow. What an odd way to present yourself to a group you're asking for
> help. I suggest you now google for an article called "how to ask
> questions the smart way", and read it and learn from it before you're
> programatically ignored by those you want help from.
There was a post that has now been deleted that said,
'www.f*inggoogleit.com, thus my response was to that individual (not
the group). I thought it would have been clear to this person that I
had googled the term because I referenced a quite technical paper
concerning the algorithm, so I was annoyed that he responded to my
request with such disregard.
Taras
| |
| Dave Hinz 2007-11-11, 7:21 pm |
| On Sun, 11 Nov 2007 16:09:30 -0000, Taras_96 <taras.di@gmail.com> wrote:
> On Nov 2, 10:40 am, Dave Hinz <DaveH...@gmail.com> wrote:
>
> There was a post that has now been deleted that said,
> 'www.f*inggoogleit.com, thus my response was to that individual (not
> the group).
Usenet and email are distinctly different mechanisms.
> I thought it would have been clear to this person that I
> had googled the term because I referenced a quite technical paper
> concerning the algorithm, so I was annoyed that he responded to my
> request with such disregard.
Yup, pointless to try to help someone like you. While you're googling,
google "<plonk>" because I think you'll be seeing a lot of it.
| |
|
| Taras_96 wrote:
> Hi everyone,
>
> I'm interested in knowing the algorithmic details of the password
> encryption mechanism in unix. I have read the article at:
> http://members.value.com.au/christie/usenix91.htm but found the
> description of key generation and DEA a bit confusing. Does anyone
> know of some online resources that goes through an encryption or a
> particular example?
>
> Thanks
>
> Taras
>
Don't know if this is what you're looking for, but try:
http://www.hccfl.edu/pollock/AUnix3...ordSecurity.htm
Hope this helps!
-Wayne
|
|
|
|
|