Crypt: Not really pretty good, probably not good enough
- Here's the crypt man page with a little detail
- Crypt is the default way of storing passwords on a Unix system.
Here's an example (from Ruby's /etc/shadow):
gbnewby:xnlR6J79KDOQw:11206::::::
- crypt() produces a string of 13 characters. The first 2 are the "salt",
which is randomly generated. The other 11 are the output of the crypt()
one-way function applied to the password using that salt.
- To see if someone entered the right password: read their password and
encrypt it using the stored salt. If the output matches the 11-character
string, then the same password was entered.
- This is a one-way function. There is no way to get from the encrypted
string back to the password!
- So, what's the problem? The key space is too small.
From the Linux man page:
Warning: The key space consists of 2**56 equal 7.2e16 possible values.
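As an added example (not from the original notes), here is the 13-character format and the check-by-re-encrypting procedure above in Python: it parses shadow lines, splits off the 2-character salt, verifies a password through a caller-supplied crypt function, and flags accounts whose hash is still traditional crypt(). The crypt_fn parameter is an assumption of this example (Python's crypt module is deprecated, so the DES routine is injected rather than imported); every sample shadow line except the gbnewby one from the notes is constructed.

```python
import hmac
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

# Salt and output of crypt(3) are drawn from this 64-character alphabet.
CRYPT_ALPHABET = r"[A-Za-z0-9./]"
DES_CRYPT_RE = re.compile(rf"^{CRYPT_ALPHABET}{{13}}$")  # 2 salt + 11 hash
DES_KEY_SPACE = 2 ** 56  # 8 significant chars x 7 bits, as the man page warns

@dataclass
class ShadowEntry:
    user: str
    hash: str
    kind: str  # des, md5, sha256, sha512, yescrypt, locked, empty, unknown

    @property
    def salt(self) -> Optional[str]:
        """Traditional crypt stores the salt as the first two characters."""
        return self.hash[:2] if self.kind == "des" else None

def classify(h: str) -> str:
    if h == "":
        return "empty"
    if h.startswith(("!", "*")):
        return "locked"
    if DES_CRYPT_RE.match(h):
        return "des"
    for prefix, name in {"$1$": "md5", "$5$": "sha256",
                         "$6$": "sha512", "$y$": "yescrypt"}.items():
        if h.startswith(prefix):
            return name
    return "unknown"

def parse_shadow_line(line: str) -> ShadowEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    return ShadowEntry(fields[0], fields[1], classify(fields[1]))

def verify_des(entry: ShadowEntry, password: str,
               crypt_fn: Callable[[str, str], str]) -> bool:
    """Re-run crypt with the stored salt; constant-time compare of all 13 chars."""
    if entry.kind != "des":
        raise ValueError("not a traditional crypt(3) hash")
    return hmac.compare_digest(crypt_fn(password, entry.salt), entry.hash)

def weak_hash_users(lines: List[str]) -> List[str]:
    """Audit helper: accounts still stored with the 56-bit DES crypt."""
    return [e.user for e in map(parse_shadow_line, lines) if e.kind == "des"]

SAMPLE_SHADOW = [  # first line is from the notes; the rest are constructed
    "gbnewby:xnlR6J79KDOQw:11206::::::",
    "alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
]
```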