Unix Encryption Algorithm

[Brandito]

I have been thinking about this for a long time. I am building an E-Mail encryption program and was thinking about how Unix Encrypts its passwords.

If you encrypt a password so that it can never be Decrypted... only compared to another possible encrypted string, couldn't you have more than one password that would work.

For example:

mystring = "tron"
x = len(mystring) ' x = 4
or
x = round(squareroot(decimalval("t")))


You can use x as a variable that usually changes with most passwords... and you can get more complex with your variables to get the "Unix Effect". Then encrypted you end up with a nicely encrypted string. Then you prompt a user for a password. You encrypt it and compare. But by doing this wont you end up with multiple passwords that would work. I can create an example but it would take too long.

So Wuz Up? Does unix do something even more special that dissables this possiblity?

[parksie]

The Unix passwd program uses MD5, I think...at least it did. I don't think MD5 has been broken yet except by brute-force attacks. RSA has code for it, and I can dig some out if you want.

[Brandito]

I found out what I was looking for I think. Instead of complex math formulas... you can easily add character values and the like together. Finding a combination that works could take years if implemented correctly.

parksie... isnt MD5 a security method that allows the password length to be longer than "usual". I am probably wrong. I just though I saw it some where when I was installing Red Hat and read about it.

Yeah... or if you have a link to some good information that would also be helpful.

[parksie]

MD5 is "Message Digest 5", and involves hashing the plaintext and some other niceties -- I don't think it has a limit on input length. (this may be wrong)

[Lord Orwell]

The brute force method of choice is to get ahold of the password file and compare the strings in it to a dictionary file that has been encrypted using that format.

When you get a match, you know that it is the word. Much faster than brute forcing.

[Brandito]

yep... I know

[Brandito]

Yes... I know it has probably been two years since the last reply to this post that "I" started... but I had to add my two cents in again.

The ability to have an encrypted password work that was not the original password is called a ghost.

I was just wondering if anyone knows anything about these...
If any have been found... maybe with DES enc.

so I ask again... after a years time has gone by...

Wuz Up?

[Alphanos]

A simple way to use any conventional encryption to do a hash is to just encrypt a string with the same string as the password. Although if its a bad algorithm that could cause problems.

[jim mcnamara]

UNIX does use a hash program. Usually MD5. HPUX incorporates what is called a Salt value, which makes cracking several orders of magnitude more difficult.

The possibility of ghosting (duplicate results) with MD5 is approximately 1 in 10⁷⁰ using the base algorithm

This means you would have to generate nearly as many random strings as there are elemental particles in the universe in order to find a ghost. While it can be done, people don't go out and do it.

It's called the Rivest Message Digest Algorithm version 5.

MD5 can handle text of any length - from 1 char up.
It's performance slows remarkably for large text blocks - say 1MB.

A major use for MD5 is to "lock" computer text files. If you have a hash result for a unix file (file time & text), any change or touch completely changes the hash result. This "locks" the file (in the legal sense) and has been used in court as proof a file was not altered. Or the reverse.