Newsgroups: comp.os.minix
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!email!vmars!hp
From: hp@vmars.tuwien.ac.at (Peter Holzer)
Subject: Re: password encoding
Message-ID: <1991Jun6.113438.7450@email.tuwien.ac.at>
Sender: news@email.tuwien.ac.at
Nntp-Posting-Host: nowhere.vmars.tuwien.ac.at
Organization: Technical University Vienna, Dept. for Realtime Systems, AUSTRIA
References: <1991Jun5.183525.3907@nntp-server.caltech.edu>
Date: Thu, 6 Jun 1991 11:34:38 GMT
Lines: 26

gwoho@nntp-server.caltech.edu (g liu) writes:

>looking at the minix source, it appears to me that the passwords
>are encoded into the password file. not encrypted. that is, inverting
>the crypt function looks trivial.

Yes, the crypt function used by Minix is reversable. A program that
does it was posted by Norbert Schlenker in June 90. Fred van Kempen
then posted a different algorithm, that has not been broken until now
(may just because nobody tried). Both articles are available via ftp
from ftp.vmars.tuwien.ac.at. (If there is enough interest, I will also
repost them)

>is this so? does unix use the same method of encoding the password?

No. Unix is using a modified DES-Algorithm, which has (as far as we
know :-) not yet been broken. Minix cannot use this algorithm, because
there is a law in the US that forbids exporting the algorithm. So if
Andy writes crypt in the Netherlands, sends it to PH in the US and they
copy it there, the Minix disks may not be exported anymore:-(

--
|    _  | Peter J. Holzer                       | Think of it   |
| |_|_) | Technical University Vienna           | as evolution  |
| | |   | Dept. for Real-Time Systems           | in action!    |
| __/   | hp@vmars.tuwien.ac.at                 |     Tony Rand |
