Re:encryption algs

From: Ghaith Nasrawi (
Date: 01/28/05

  • Next message: Philip Wagenaar: "Betr.: Re: encryption"
    Date: Fri, 28 Jan 2005 09:42:53 +0000
    To: "postbase" <>

    UNIX-MD5? I "think" the MD5 algorithm used in most current *nix
    systems is a salted hash algorithm.

    <snip from="">

    A hash is a numerical value of fixed length which unequivocally
    identifies files of arbitrary length. An example of a hashing algorithm
    is SHA1. The reader might now say that saving the password as a hash
    would be sufficient, but why is this wrong?

    The reason for this is that usually so called 'Dictionary Attacks' are
    run against hashed passwords - a good example being the MD5 hashed
    passwords of NT4. This is a Brute Force attack: all entries in a
    dictionary were hashed using MD5 and those hash values then are
    compared against the password database. Have a guess how quickly some
    passwords are found this way.

    The intention behind a Salted Hash is to have this type of attack fail
    by attaching a random value - the so called salt - to each password
    and only then compute the hash over password and salt. For comparison
    of the password the salt has to be stored alongside the salted hash,
    but the only vector of attack is to re-code the dictionary for each
    individually stored password with the salt - and this takes quite a
    long time.


    And NO, you can't transform one hash to another, unless you know the
    original value. Hash functions are meant to be irreversible one-way

    Sorry, I didn't get your second question.

    ---------- Initial Header -----------

    From : "BoI base"
    To :
    Cc :
    Date : Thu, 27 Jan 2005 17:47:46 +0300
    Subject : encryption algs

    > Hello list,
    > I search for some papers. I would like to know more about difference
    > between md5 and unix-md5 hashes (e807f1fcf82d132f9bb018ca6738a19f ->
    > $1$EYCPMJso$NoHIKkO1iRYxZFnWv4I6K/). Is there algorithm for translation
    > one hash to another?
    > Second question:
    > We know, that DES algorithm has 64-bit output. How I can translate it
    > to "standard" 13-letters state (result of unix crypt(3) function)?
    > Sorry for my bad english.
    > --
    > Best regards, Xanders


     //\ Ghaith Nasrawi

    PAST, n.
    That part of Eternity with some small fraction of
    which we have a slight and regrettable
    acquaintance. A moving line called the Present
    parts it from an imaginary period known as the
    Future. These two grand divisions of Eternity, of
    which the one is continually effacing the other,
    are entirely unlike. The one is dark with sorrow
    and disappointment, the other bright with
    prosperity and joy. The Past is the region of
    sobs, the Future is the realm of song. In the one
    crouches Memory, clad in sackcloth and ashes,
    mumbling penitential prayer; in the sunshine of
    the other Hope flies with a free wing, beckoning
    to temples of success and bowers of ease. Yet the
    Past is the Future of yesterday, the Future is the
    Past of to-morrow. They are one -- the knowledge
    and the dream. (The Devil's Dictionary)
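
Added example, not part of the original message or of any project's code: a from-scratch Python version of the `$1$` MD5 crypt scheme the thread calls unix-md5. It shows the salt, the 1000-round loop and the custom 64-character encoding that separate a `$1$` string from a plain MD5 digest. The function names and the sample password and salts are constructed for illustration.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """Encode the low bits of value, 6 at a time, in crypt's own alphabet."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5crypt(password: bytes, salt: bytes) -> str:
    """FreeBSD-style MD5 crypt, the '$1$' scheme (legacy; for study only)."""
    salt = salt[:8]                      # the scheme uses at most 8 salt bytes
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$1$" + salt)
    remaining = len(password)
    while remaining > 0:                 # mix in one alt byte per password byte
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    bits = len(password)
    while bits:                          # one byte per bit of the length
        ctx.update(b"\x00" if bits & 1 else password[:1])
        bits >>= 1
    final = ctx.digest()
    for i in range(1000):                # fixed stretching loop
        rnd = hashlib.md5()
        rnd.update(password if i & 1 else final)
        if i % 3:
            rnd.update(salt)
        if i % 7:
            rnd.update(password)
        rnd.update(final if i & 1 else password)
        final = rnd.digest()
    text = ""                            # permuted bytes, 22 output characters
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        text += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    text += _to64(final[11], 2)
    return "$1$" + salt.decode("ascii") + "$" + text

def compare(password: bytes, salts):
    """Return the raw MD5 hex digest and one $1$ string per salt."""
    return hashlib.md5(password).hexdigest(), [md5crypt(password, s) for s in salts]

if __name__ == "__main__":
    # Constructed sample input: one password, two constructed salts.
    raw, salted = compare(b"correct horse", [b"aaaaaaaa", b"bbbbbbbb"])
    print(raw, *salted, sep="\n")
```

The raw digest is identical for every account that shares a password, while each `$1$` string depends on its own salt, so neither form can be converted into the other without the original password.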
