[plug] ANNOUNCE: Tuesday will be at Fast Eddies, feature PHP demo

Christian christian at global.net.au
Mon May 10 15:20:05 WST 1999 

Michael Hunt wrote:
> 
> I do concede Greg that I know owe you two beers instead of one !!!
> My experience with MD5 has been with an Ascend MAX sending userid/passwords
> using MD5 encryption to verify users with a Radius Server.  My problem was
> in being, it seems, to quick and simplistic in my answer !!!!

MD5 isn't a form of encryption - just in case there's any confusion. 
It's a cryptographic checksum (aka "message digest") algorithm. 
Basically it's a number which "represents" (supposedly uniquely) in some
way the data it was originally fed.  Given a piece of data it is
therefore posible to generate a cryptographic hash however the function
is supposedly irreversible so that the original data cannot be
calculated in any way from the hash.  This is obviously different from
an encryption algorithm whereby the encrypted data can be transformed to
produce the plaintext by providing the appropriate key.

This works in much the same way as the password "encryption" system in
(traditional) Unix - the values contained the appropriate password files
and commonly referred to as the "passwords" aren't actually the
passwords at all (either encrypted or otherwise) but rather the result
of encrypting a 64-bit block of zeros with DES (which is an encryption
algorithm - to further confuse matters) usually about 25 times using the
provided password as a key (plus a dash of salt).  Due to this common
behaviour, I know MD5 is used in some implementations (eg NetBSD) to
avoid those ridiculous US restrictions on cryptography export.  Out of
interest, does anyone know what Linux uses?

Hmmm... that might have just been Crypto 102. ;-)

Regards,

Christian.

-- 
========================================================================
I'm not trying to give users what they want, I'm trying to give them
freedom, which they can then accept or reject. If people don't want
freedom, they may be out of luck with me, but I won't allow them to 
define for me what is right, what is worth spending my life for.
                                                    - Richard Stallman

More information about the plug mailing list