Re:encryption algs

["Ghaith Nasrawi" <libero () aucegypt edu>]

UNIX-MD5? I "think" the MD5 algorithm used in most current *nix
systems is a salted hash algorithm.

<snip from="http://www.aspheute.com/english/20040105.asp";>

A hash is a numerical value of fixed length which unequivocally
identifies files of arbitrary legth. An example of a hashing algorithm
is SHA1. The reader might now say that saving the password as a hash
would be sufficient, but why is this wrong?

The reason for this is that usually so called 'Dictionary Attacks' are
run against hashed passwords - a good example being the MD5 hashed
passwords of NT4. This is a Brute Force attack: all entries in a
dictionary were hashed using MD5 and those hash values then are
compared against the password database. Have a guess how quickly some
passwords are found this way.

The intention behind a Salted Hash is to have this type of attack fail
by attaching a random value - the so called salt - to each password
and only then compute the hash over password and salt. For comparison
of the password the salt has to be stored alongside the salted hash,
but the only vector of attack is to re-code the dictionary for each
individually stored password with the salt - and this takes quite a
long time.

</snip>

And NO, you can't transform one hash to another, unless you know the
original value. Hash functions are meant to be irreversible one-way
algorithm.

Sorry, I didn't get your second question.


---------- Initial Header -----------

> From      : "BoI base" postbase () mail ru
To          : security-basics () securityfocus com
Cc          :
Date      : Thu, 27 Jan 2005 17:47:46 +0300
Subject : encryption algs

> Hello list,
>
> I search for some papers. I would like to know more about difference
> between md5 and unix-md5 hashes (e807f1fcf82d132f9bb018ca6738a19f ->
> $1$EYCPMJso$NoHIKkO1iRYxZFnWv4I6K/). Is there algorithm for translation
> one hash to another?
>
> Second question:
> We know, that DES algorithm has 64-bit output. How I can translate it
> to "standart" 13-letters state (result of unix crypt(3) function)?
>
>
> Sorry for my bad english.
>
> --
> Best regards, Xanders                mailto:postbase () mail ru


-----

 (o_
 //\   Ghaith Nasrawi
 V_/_



PAST, n.
That part of Eternity with some small fraction of
which we have a slight and regrettable
acquaintance. A moving line called the Present
parts it from an imaginary period known as the
Future. These two grand divisions of Eternity, of
which the one is continually effacing the other,
are entirely unlike. The one is dark with sorrow
and disappointment, the other bright with
prosperity and joy. The Past is the region of
sobs, the Future is the realm of song. In the one
crouches Memory, clad in sackcloth and ashes,
mumbling penitential prayer; in the sunshine of
the other Hope flies with a free wing, beckoning
to temples of success and bowers of ease. Yet the
Past is the Future of yesterday, the Future is the
Past of to-morrow. They are one -- the knowledge
and the dream. (The Devil's Dictionary)