Re: 2 Keys decrypts same message

From: Ernst Lippe (ernstl-at-planet-dot-nl_at_ignore.this)
Date: 07/08/03


Date: Tue, 08 Jul 2003 22:20:00 +0200

On Tue, 08 Jul 2003 08:05:20 +0000, Jorge wrote:

> Hi John,
>
> Are there any advantages on storing in the database the encrypted
> Hash of the Password (hash the pwd, encrypt it and then store it)
> than the encrypted Password (encrypt the pwd and then store it) ?
>
> Given that I have already implemented DES, I'm planning on
> using DES to "hash" the password and then use it as a Key.
> The idea is to use DES to encrypt the password using the password as
> the key, do you see any problem here?

There is one serious problem with this approach. When
an attacker breaks your system, he can reconstruct all
passwords for all users. Now the problem is that most
users use a similar structure for all their passwords,
in many cases they even use the same password on several
systems. So when your system is broken, this is also
a security risk for other systems.

This problem can be avoided by using hashes because they
are not invertible.

greetings,

Ernst Lippe
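
The contrast drawn in the reply above, as an added example that is not part of the original post: a password store that can be decrypted with a server-held key next to one that keeps only a salted one-way digest. The function names, the toy keystream cipher (a stand-in for any reversible cipher such as DES) and the choice of PBKDF2 with this iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy SHA-256 counter keystream. It stands in for any reversible cipher
    # (DES, AES, ...) and is NOT meant for production use.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def store_encrypted(password: str, server_key: bytes) -> tuple[bytes, bytes]:
    # Reversible storage: the record plus the server key yields the password.
    nonce = os.urandom(16)
    data = password.encode()
    ks = _keystream(server_key, nonce, len(data))
    return nonce, bytes(a ^ b for a, b in zip(data, ks))


def recover_encrypted(record: tuple[bytes, bytes], server_key: bytes) -> str:
    # What anyone holding the database and the key can do for every user.
    nonce, ct = record
    ks = _keystream(server_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks)).decode()


def store_hashed(password: str) -> tuple[bytes, bytes]:
    # One-way storage: a per-user random salt and a slow digest, no key to steal.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_hashed(password: str, record: tuple[bytes, bytes]) -> bool:
    # Login check recomputes the digest; there is no function that inverts it.
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison
```

The per-user salt also means two users with the same password get different records, so a stolen table does not reveal which accounts share a password.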


