[plug] Redhat passwords - max 8 chars!?

David Griffiths griffith at environ.wa.gov.au
Thu Sep 14 15:53:09 WST 2000


>> Are you sure about this definition? Is not a hash simply one way encryption?
>> (quoting from linux security HOWTO)
>
>Absolutely positive.  A cryptographic (or "one-way") hash function
>(which is specifically what we're talking about in this case) converts
>input data of arbitrary length (typically less than 2^64 bytes) into a
>fixed length output (typically between 16 and 32 bytes) with two key
>properties, namely a) the chance of collision (i.e., two inputs giving
>the same hash) is infinitesimally small, even withstanding manipulation
>of the inputs by an attacker and b) there is no feasible way of
>reversing the operation such that the input can be determined by the
>output.
>
>Encryption on the other hand, by definition, is a reversible process
>(hence the pairing of encryption/decryption).  It involves combining one
>piece of data (the "key") with the data to be encrypted ("plaintext")
>in a well-defined manner (the "algorithm" or "cipher") resulting in some
>output ("ciphertext").  Note that the ciphertext will typically be of a
>similar size to the plaintext (nearly always bigger).
>

Ah <nods sagely>. If I understand you correctly, the important
distinction then is not so much the "one-way-ness/reversibility" of hashes
(which in principle can succumb to brute force methods for reversal) as the
_non-uniqueness_ of input data giving rise to the hash (implying the brute
force reversal results will probably be meaningless if the collision space
is large enough).

If the mapping between input text and possible hashes is unique with
precisely zero chance of collision (input data space would have to be
strictly limited to be less than or equal to hash space), does the hash then
also fulfill the definition of encryption? Does the DES hashing of 8 char
unix passwords have a 1 to 1 mapping?

Hey you're shaking up a few brain cells here Christian! I haven't thought
about this stuff for ages :-)

cheers,

Dave
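
The question above, whether an input space no larger than the hash space makes the mapping one-to-one, can be checked at toy scale. This is an added example, not part of the original post: it hashes every 16-bit input with SHA-256 truncated to 24 bits (a stand-in hash, assumed for illustration) and contrasts that with a toy 16-bit Feistel cipher. All names and the key are constructed, and nothing here models DES crypt itself.

```python
import hashlib

def short_hash(data: bytes, out_bytes: int = 3) -> bytes:
    """Stand-in for a short fixed-length hash: SHA-256 truncated to out_bytes."""
    return hashlib.sha256(data).digest()[:out_bytes]

def count_collisions(in_bits: int = 16, out_bytes: int = 3) -> int:
    """Hash every in_bits-bit input; count inputs whose digest was already seen."""
    seen, collisions = set(), 0
    for i in range(1 << in_bits):
        digest = short_hash(i.to_bytes(4, "big"), out_bytes)
        if digest in seen:
            collisions += 1
        seen.add(digest)
    return collisions

def _round(half: int, key: bytes, i: int) -> int:
    """Keyed round function for the toy cipher (8 bits in, 8 bits out)."""
    return hashlib.sha256(key + bytes([i, half])).digest()[0]

def toy_encrypt(block: int, key: bytes, rounds: int = 4) -> int:
    """Toy 16-bit Feistel cipher: a keyed permutation, so it never collides."""
    left, right = block >> 8, block & 0xFF
    for i in range(rounds):
        left, right = right, left ^ _round(right, key, i)
    return (left << 8) | right

def toy_decrypt(block: int, key: bytes, rounds: int = 4) -> int:
    """Undo toy_encrypt by running the rounds backwards with the same key."""
    left, right = block >> 8, block & 0xFF
    for i in reversed(range(rounds)):
        left, right = right ^ _round(left, key, i), left
    return (left << 8) | right

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    print("hash collisions, 2^16 inputs into 2^24 outputs:", count_collisions())
    images = {toy_encrypt(x, key) for x in range(1 << 16)}
    print("distinct ciphertexts for 2^16 plaintexts:", len(images))
    print("round trip ok:", toy_decrypt(toy_encrypt(0x1234, key), key) == 0x1234)
```

The truncated hash collides even though its input space is 256 times smaller than its output space, and it has no key that reverses it; the cipher is one-to-one by construction and reversible only with the key.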




