From: Erp <erp@digiforest.com>
Date: Sat, 2 Nov 1996 01:59:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Unix User Password File Encryption
Message-ID: <Pine.LNX.3.95.961102024749.14461A-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain




Ok, I realize that you cannot reverse the encryption process for a Unix
password..  But --  Explain to me why the following wouldn't work.  And if
it could work, I am willing to do the algorithms and math for this...  I'm
no good at coding and such..  But I can do algorithms and a lot of math
easily enough *shrug*....  And if anybody uses this idea ---  Please give
me credit for the idea..  If it has already been tried --  Can someone
please refer me to where it was tried, adn if there are any texts on it..
I would like to read them..  Thanks ok here it is:

Normal Programs for Cracking a Unix password file, such as CrackerJack
take a word, use the salt in the password file for that password, encrypt
the word using that salt, and then compare what it comes out as.  If it
isn't the same, it moves on to the next word.   My idea is similar to
this, but is a bit different.

Basically it would take a beginning word and encrypt it with the same salt
as used on the password in the passwd file.  So let us say that for an
example our salt is aa, our outcome encrypted password is X8mfjs53D ...
Ok now let us say that we take this salt of aa and run through the
following into it and getting these patterns from it (these aren't the
true patterns etc, I'm just making htese things up, but would it be
possible?)  

salt aa  --  inputed password  0001  --  outcome encryption  Zkdrj234S
salt aa  --  inputed password  0002  --  outcome encryption  Rksjr342s
salt aa  --  inputed password  0003  --  outcome encryption  25Svj43zY

(For the following process we'd obviously use mor ethan three, we would
probalby use a thousand at least, nad have them be all sizes of passwords
and combiantions..  like aaaab or abababababab and so on...)

Compare the outcomed encryptions --  And find a pattern in them..  Now in
the above I'm just going to say like it comes out as 
8x + 4/y - SQ(2z) + 4a = encrypted password..  Where xyza are each of the
characters respectively such as   0000 
                                  xyza  based on a 255 or however many
ascii char system..  I know this is completely wrong for what I've done
here, but I'm not doing the math or anything right now, I'm just making it
up as I go for an example...  Now say that since we have found the
pattern...  We take the outcome --  Do the algebra to figure out what the
xyza would be..  And ther eya go woopity doo there is the password..
Not as simple as I've said here of course..  It would be a lot more
complex..  But that is the basic idea...   What is wrong with this idea?
--  If it is something I have thought of, and havent' mentioned --  I'll
inform you when you point it out..  But please do point it out..  Or I'll
grasp at straws and say a lot of buts *laugh*...

Anyways,  What is wrong with this idea?  How could it work?
Would someone mind explaining for me, is much appreciated...

Erp


---------------------------
E'gads, ideas can be hell at time..