[plug] ANNOUNCE: Tuesday will be at Fast Eddies, feature PHP demo

Greg Mildenhall greg at networx.net.au
Mon May 10 16:20:09 WST 1999


On Mon, 10 May 1999, Christian wrote:
> MD5 isn't a form of encryption - just in case there's any confusion. 
> It's a cryptographic checksum (aka "message digest") algorithm. 

D'oh! Yes, you're right.
Radius doesn't use MD5 for checksumming as Mike said, or for encryption,
as I said, only for signing server responses, which I passed over as
secondary. Now can someone remind me how Radius encrypts authreqs over the
wire? (or does it send the encrypted passwds plaintext???)

> Basically it's a number which "represents" (supposedly uniquely) in some
> way the data it was originally fed.  
Not uniquely, but as I said, close enough, and unique amongst "similar"
inputs.

> Given a piece of data it is therefore possible to generate a
> cryptographic hash however the function is supposedly irreversible so
> that the original data cannot be calculated in any way from the hash.
Very supposedly. MD5 is considered to be fundamentally insecure these
days - only a matter of time until it's fully broken.

> This is obviously different from
> an encryption algorithm whereby the encrypted data can be transformed to
> produce the plaintext by providing the appropriate key.

Yep. For digital-signature purposes, MD5 is combined with an encryption
algorithm: the signing process described in my earlier mail is applied to
the MD5 sum of the message, rather than to the message itself.

> Due to this common
> behaviour, I know MD5 is used in some implementations (eg NetBSD) to
> avoid those ridiculous US restrictions on cryptography export.  Out of
> interest, does anyone know what Linux uses?
56-DES+SALT.
Of course, it could easily vary between distros, but I strongly doubt it
would, for compatibility reasons.

> Hmmm... that might have just been Crypto 102. ;-)
Thank you, we are much enlightened.

-Greg
