Re: [ProgSoc] Unix pasword encryption

Peter Meric (pmeric@nospam.progsoc.uts.edu.au)
Tue, 7 Oct 1997 11:53:30 +1000 (EST)


On Tue, 7 Oct 1997, Joshua Graham Pitcher wrote:

> This is probably an RTFM question, but I haven't got an FM handy to fing the
> answer.

Actually, it probably isn't. Well, not one of our manuals anyway.

> Can someone tell me how password encryption works under unix? I know that
> the password is encrypted using the password as the key, and that it is
> encrypted with the DES algorithm 15 times. However this is as far as my
> knowledge of it goes.

My suggestion is to have a look at the source for crypt(). It's freely
available. You may also want to have a look at the variants of crypt(),
like fcrypt(). These may help with your understanding of the encryption
process. fcrypt is available from UQ (a guy there wrote a fast DES
library and ssleay etc).

> The reason I am asking is we are implementing some password protection on an
> embedded system and I have been led to believe that the unix password
> encryption is very secure.

It's only as secure as DES. So using qualitative terms like "very" can
be dangerously misleading.

Peter

------------------------------------------------------------------------
Peter Meric pmeric@nospam.socs.uts.edu.au
pmeric@nospam.progsoc.uts.edu.au
pmeric@nospam.vislab.usyd.edu.au
http://www.progsoc.uts.edu.au/~pmeric

--
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@nospam.progsoc.uts.edu.au.
If you are having trouble, ask owner-progsoc@nospam.progsoc.uts.edu.au for help.

This list is archived at <http://www.progsoc.uts.edu.au/lists/progsoc/>