Security Basics mailing list archives
Re:encryption algs
From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Fri, 28 Jan 2005 09:42:53 +0000
UNIX-MD5? I "think" the MD5 algorithm used in most current *nix systems is a salted hash algorithm. <snip from="http://www.aspheute.com/english/20040105.asp"> A hash is a numerical value of fixed length which unequivocally identifies files of arbitrary legth. An example of a hashing algorithm is SHA1. The reader might now say that saving the password as a hash would be sufficient, but why is this wrong? The reason for this is that usually so called 'Dictionary Attacks' are run against hashed passwords - a good example being the MD5 hashed passwords of NT4. This is a Brute Force attack: all entries in a dictionary were hashed using MD5 and those hash values then are compared against the password database. Have a guess how quickly some passwords are found this way. The intention behind a Salted Hash is to have this type of attack fail by attaching a random value - the so called salt - to each password and only then compute the hash over password and salt. For comparison of the password the salt has to be stored alongside the salted hash, but the only vector of attack is to re-code the dictionary for each individually stored password with the salt - and this takes quite a long time. </snip> And NO, you can't transform one hash to another, unless you know the original value. Hash functions are meant to be irreversible one-way algorithm. Sorry, I didn't get your second question. ---------- Initial Header -----------
From : "BoI base" postbase () mail ru
To : security-basics () securityfocus com Cc : Date : Thu, 27 Jan 2005 17:47:46 +0300 Subject : encryption algs
Hello list, I search for some papers. I would like to know more about difference between md5 and unix-md5 hashes (e807f1fcf82d132f9bb018ca6738a19f -> $1$EYCPMJso$NoHIKkO1iRYxZFnWv4I6K/). Is there algorithm for translation one hash to another? Second question: We know, that DES algorithm has 64-bit output. How I can translate it to "standart" 13-letters state (result of unix crypt(3) function)? Sorry for my bad english. -- Best regards, Xanders mailto:postbase () mail ru
----- (o_ //\ Ghaith Nasrawi V_/_ PAST, n. That part of Eternity with some small fraction of which we have a slight and regrettable acquaintance. A moving line called the Present parts it from an imaginary period known as the Future. These two grand divisions of Eternity, of which the one is continually effacing the other, are entirely unlike. The one is dark with sorrow and disappointment, the other bright with prosperity and joy. The Past is the region of sobs, the Future is the realm of song. In the one crouches Memory, clad in sackcloth and ashes, mumbling penitential prayer; in the sunshine of the other Hope flies with a free wing, beckoning to temples of success and bowers of ease. Yet the Past is the Future of yesterday, the Future is the Past of to-morrow. They are one -- the knowledge and the dream. (The Devil's Dictionary)
Current thread:
- encryption algs BoI base (Jan 27)
- <Possible follow-ups>
- Re:encryption algs Ghaith Nasrawi (Jan 28)
- Re[2]: encryption algs BoI base (Jan 28)
- Re: Re[2]: encryption algs Kevin Conaway (Jan 31)
- Re[2]: encryption algs BoI base (Jan 28)
- Re:encryption algs miguel . dilaj (Jan 31)