From: "Mark M." <markm@voicenet.com>
Date: Sat, 2 Nov 1996 09:00:43 -0800 (PST)
To: erp@digiforest.com>
Subject: Re: Unix User Password File Encryption
In-Reply-To: <Pine.LNX.3.95.961102024749.14461A-100000@digital.digiforest.com>
Message-ID: <Pine.LNX.3.95.961102125436.194A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 2 Nov 1996, Erp wrote:

> Basically it would take a beginning word and encrypt it with the same salt
> as used on the password in the passwd file.  So let us say that for an
> example our salt is aa, our outcome encrypted password is X8mfjs53D ...
> Ok now let us say that we take this salt of aa and run through the
> following into it and getting these patterns from it (these aren't the
> true patterns etc, I'm just making htese things up, but would it be
> possible?)  
> 
> salt aa  --  inputed password  0001  --  outcome encryption  Zkdrj234S
> salt aa  --  inputed password  0002  --  outcome encryption  Rksjr342s
> salt aa  --  inputed password  0003  --  outcome encryption  25Svj43zY
[rest deleted]

There aren't any known patterns that can be exploited.  The output of DES
encryption 25 times generates pseudo-random output.  If a pattern did exist,
cryptanalysis of DES would be very easy.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMnuMoSzIPc7jvyFpAQFePAgAjOfKSSjpXE20g4+3t6PSz1bD+7tSd5Yi
mTjt5zlS/D9NGEXoVkuYI/j7KS+Iic7eNhEUTr8KuUpIS+MUIB0BKHLM0LyaFHmG
dgd2LoqVHoC8vEIwFDxXR/vE+Jt51bFXs2/eKksyqJKLrI6g1i+foANLOBhhxobI
I07Z+mQ7XEsKe6C7eEuElvd4qY6Zis0WJD7lj/c9tOPg3wjGCIohgeclwgByqBvd
6kuxu9b2unFpbcsaICqtxJiHqgJAWjuE0FEz3wkKakIKAwmDmJ1mpru4dP73OwCc
qt5TCytlKq7VN75QawK/YlNX3h24QnyXB/Zo6MOSQCcYGn7UmB/3nA==
=fv2A
-----END PGP SIGNATURE-----