MD5 crypting
Smoot Carl-Mitchell
smoot at tic.com
Fri May 1 06:26:52 UTC 2009
On Fri, 2009-05-01 at 00:27 -0500, Preston Kutzner wrote:
> When grub or pam checks your passphrase, it doesn't actually decrypt
> the has and check your entered password against the decrypted one, it
> just re-hashes the password you entered, using the same salt and
> compares the results. If they match, it means you entered the correct
> password, if not, obviously you didn't.
The hash cannot be decrypted. It is a one way function. It is
essentially impossible to derive the password from the hash. You can run
dictionary attacks against the salts and hashes which will reveal weak
passwords fairly quickly.
There is also some cryptographic research that indicates MD5 is
vulnerable or will be sometime in the future:
www.doxpara.com/md5_someday.pdf
--
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
More information about the ubuntu-users
mailing list