Password encryption???:

shakeeb · 11-07-2003, 09:29 AM

OK...for that matter any Open Source encryption algo . is supposed to have a decryption algo. too, so then how come the passwords are secure ( in linux and others like BSD,if i get your encrypted password i cold just decrypt it...this is obviously not true how does it work.?????????????????? i get your encrypted password i cold just decrypt it...this is obviously not true how does it work.??????????????????

zaphodiv · 11-07-2003, 09:41 AM

Passwords are not encrypted, they are put through a one-way hash algorithm. To check if a password is valid it is hashed and the result compared with the stored hash.

evil_Tak · 11-07-2003, 09:47 AM

Not only that, but it's not true that every encryption algorithm has a decryption algorithm. There are many one-way functions, a simple example being modulus. Also, even if there are encryption and decryption algorithms, the keys for encryption and decryption may be different. Therefore, even if you know the algorithm and you know the key I used to encrypt the data, you still can't decode the data without the separate decryption key.

shakeeb · 11-07-2003, 10:28 AM

so what is the key used in linux..is it selected at random is there anyway to know it:after all its open source rite: ) even if its random iwont it be there in ascii chars???

zaphodiv · 11-07-2003, 07:50 PM

There is no key. The algorithm is not reversable.

Password cracking program work by encrypting lots of possible passwords
sucha as every work in the dictionary and seeing if the result matches.