On Tue, Jul 09, 2002 at 02:21:41PM +0200, =?ISO-8859-1?Q? Christian R=F6pke ?= wrote:
1. DES is a encryption algorithmen, that is cracked by NSA (ca. 1990) (also by other secret services) and by the electronic frontier foundation (1999). this algorithm is NOT secret today (des-cracker : about 100.000 dollar)
2. MD5 is a hash-function, so you can't encrypt any passwords with this algorithm.
Both of these algorithms are in fact hash algorithms. The crypt() function is based on a variant of DES, and uses the password as a key to encrypt the salt. So what gets "encrypted" is the salt not the password. In either case, the main purpose of the algorithm is to conceal what the original password was. Being able to reverse the encryption is not an issue (in fact, it's not desirable). What happens when you log into a linux box is that you present your password, and the authentication service puts it through the hash function and compares the result to the hash stored in the shadow file. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann