|
| home | background | contact | studies | lyrics | security | links | SEARCH: |
|
Disclaimer: This page is out-of-date and kept for nostalgic reasons. Links, images and other resources are not maintained. Go to up-to-date site.
Up to overview | Previous: Data integrity | Next: PGP - Pretty Good Privacy
One-way hash functions can be used to verify passwords. The real passwords need not be stored anywhere in the password database, only the corresponding hash values. During authentication, the hash value of the input string is compared against the stored hash value of the correct password. If the values are identical, the input password is deemed correct.
The shadow password suite uses this technique for user logins. Linux supports both a MD5-based algorithm and one based on DES, but it is not as secure as MD5. However, the weakest link is probably the user's selection of the password.
Even though it's hard to guess the string corresponding to a hash value, the password database should be unreadable (except during authentication, or other valid tasks). The reason is that a cracker could have a large dictionary, from which candidate passwords are generated. The hash values of those generated passwords can be calculated, unfortunately rather swiftly, and compared to entries in the password database. Once a match is found, the cracker has a valid password.
Up to overview | Previous: Data integrity | Next: PGP - Pretty Good Privacy