MD5 crypting

Smoot Carl-Mitchell smoot at tic.com
Fri May 1 06:26:52 UTC 2009


On Fri, 2009-05-01 at 00:27 -0500, Preston Kutzner wrote:

> When grub or pam checks your passphrase, it doesn't actually decrypt  
> the hash and check your entered password against the decrypted one, it  
> just re-hashes the password you entered, using the same salt and  
> compares the results.  If they match, it means you entered the correct  
> password, if not, obviously you didn't.

The hash cannot be decrypted.  It is a one-way function.  It is
essentially impossible to derive the password from the hash. You can run
dictionary attacks against the salts and hashes which will reveal weak
passwords fairly quickly.

There is also some cryptographic research that indicates MD5 is
vulnerable or will be sometime in the future:

www.doxpara.com/md5_someday.pdf
-- 
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
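
Added example, not part of the original message: the re-hash-and-compare check described above, written out for the MD5-crypt scheme. It assumes the hashes under discussion use the `$1$salt$digest` string format; the names `md5_crypt` and `verify` belong to this example only.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password: str, salt: str) -> str:
    """Compute the $1$ (MD5-crypt) hash string for password and salt."""
    pw, s = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    for i in range(len(pw), 0, -16):        # one alt byte per password byte
        ctx.update(alt[:min(16, i)])
    i = len(pw)
    while i:                                 # mix driven by the length's bits
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for r in range(1000):                    # fixed 1000 stretching rounds
        c = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            c.update(s)
        if r % 7:
            c.update(pw)
        c.update(final if r & 1 else pw)
        final = c.digest()
    out = []                                 # crypt's own base64 byte order
    for a, b, c3 in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c3]
        out += [ITOA64[(v >> (6 * k)) & 0x3F] for k in range(4)]
    out += [ITOA64[(final[11] >> (6 * k)) & 0x3F] for k in range(2)]
    return "$1$" + salt[:8] + "$" + "".join(out)

def verify(candidate: str, stored: str) -> bool:
    """Re-hash candidate with the salt embedded in stored, then compare."""
    _, scheme, salt, _digest = stored.split("$")
    if scheme != "1":
        raise ValueError("not an MD5-crypt hash")
    # Nothing is decrypted: only the two hash strings are compared.
    return hmac.compare_digest(md5_crypt(candidate, salt), stored)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    stored = md5_crypt("correct horse", "Ab3dEf9h")
    print(stored)
    print(verify("correct horse", stored), verify("wrong guess", stored))
    # Same password, different salt: a different stored string.
    print(md5_crypt("correct horse", "Zz0yXx1w") != stored)
```

The salt is stored in the clear next to the digest, which is why the verifier can repeat the computation, and also why a weak password still falls to a dictionary run against that one entry.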




More information about the ubuntu-users mailing list