[plug] Redhat passwords - max 8 chars!?

Christian christian at amnet.net.au
Thu Sep 14 14:28:48 WST 2000


On Thu, Sep 14, 2000 at 01:12:16PM +0800, David Griffiths wrote:
> >Technically it's hashing,
> 
> good point.
> 
> >not encryption.
> 
> Are you sure about this definition? Is not a hash simply one way encryption?
> (quoting from linux security HOWTO)

Absolutely positive.  A cryptographic (or "one-way") hash function
(which is specifically what we're talking about in this case) converts
input data of arbitrary length (typically less than 2^64 bytes) into a
fixed length output (typically between 16 and 32 bytes) with two key
properties, namely a) the chance of collision (i.e., two inputs giving
the same hash) is infinitesimally small, even withstanding manipulation
of the inputs by an attacker and b) there is no feasible way of
reversing the operation such that the input can be determined by the
output.

Encryption on the other hand, by definition, is a reversible process
(hence the pairing of encryption/decryption).  It involves combining one
piece of data (the "key") with the data to be encrypted ("plaintext")
in a well-defined manner (the "algorithm" or "cipher") resulting in some
output ("ciphertext").  Note that the ciphertext will typically be of a
similar size to the plaintext (nearly always bigger).

Describing hashing as one-way encryption is probably a suitable way of
explaining the concept to someone in a very loose and non-technical way
but it's still incorrect since the processes involved are very
different.

Regards,

Christian.
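
The distinction drawn in the message above, as an added example that is not part of the original post: a password hash gives fixed-length output and is checked by re-hashing, while encryption with a key round-trips and its output grows with the plaintext. PBKDF2 stands in for the hash, the HMAC-based stream cipher is a toy written for this illustration (not a vetted cipher), and the function names, salt and key are assumptions constructed for the demo.

```python
import hashlib
import hmac
import os

def hash_password(password: bytes, salt: bytes) -> bytes:
    """One-way: always 32 bytes out, and no key exists that reverses it."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 50_000)

def verify_password(candidate: bytes, salt: bytes, stored: bytes) -> bool:
    """Checking a login means re-hashing the candidate, never 'decrypting'."""
    return hmac.compare_digest(hash_password(candidate, salt), stored)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream from HMAC-SHA256 in counter mode (illustration only).
    blocks = []
    for counter in range((length + 31) // 32):
        block_input = nonce + counter.to_bytes(8, "big")
        blocks.append(hmac.new(key, block_input, hashlib.sha256).digest())
    return b"".join(blocks)[:length]

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Reversible: output is the plaintext length plus a 16-byte nonce."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def toy_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Same key and nonce regenerate the keystream, recovering the input."""
    nonce, body = ciphertext[:16], ciphertext[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values throughout
    for pw in (b"short", b"a much longer passphrase " * 40):
        print(len(pw), "bytes in ->", len(hash_password(pw, salt)), "bytes out")
    stored = hash_password(b"short", salt)
    print("right password:", verify_password(b"short", salt, stored))
    print("wrong password:", verify_password(b"shorT", salt, stored))
    key, msg = b"constructed-key", b"the plaintext comes back intact"
    ct = toy_encrypt(key, msg)
    print(len(msg), "->", len(ct), "bytes; decrypts:", toy_decrypt(key, ct) == msg)
```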



