Quick security question

Jon Pruente jdpruente at gmail.com
Sat Feb 17 18:01:54 CST 2007


It runs what you type through the hash function and compares the
output.  Hashing is very simple.  If what you type produces the same
hash output that is stored in the passwd file, then you (probably)
typed the same password.  One-way hashes are just that, one way.
Thus, when it needs to compare anything to the stored hash it must also
be hashed for the comparison to work.

Jon.

On 2/17/07, cragos at gmail.com <cragos at gmail.com> wrote:
> Can someone more familiar than I with the math behind one-way hashes
> explain how a hashed string is compared with a string in plaintext?  I
> had a typo in the text I fed to passwd, and, when I went back in to
> fix the typo, I got an error message that read: "BAD PASSWORD: is too
> similar to the old one"
>
> Of course, that was easy enough to override as root, but it raises an
> interesting question.  Anyone game to explain the math behind how it
> was able to tell?
>
> Thanks,
> Sean
>
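The hash-then-compare check described in the reply above, as an added example that is not part of the original thread. It uses PBKDF2-HMAC-SHA256 and a constructed `salt$iterations$digest` record rather than the real crypt(3) format used in passwd/shadow files; all function names are hypothetical. It also measures how many digest bits change after a one-character typo.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # constructed work factor for this example


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # One-way step: the password goes in, a fixed-size digest comes out.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build the stored record. Only salt, cost and digest are kept."""
    salt = os.urandom(16) if salt is None else salt
    digest = _derive(password, salt, ITERATIONS)
    return f"{salt.hex()}${ITERATIONS}${digest.hex()}"


def verify(typed: str, record: str) -> bool:
    """Hash what was typed with the stored salt and cost, then compare digests."""
    salt_hex, iterations, digest_hex = record.split("$")
    candidate = _derive(typed, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def differing_bits(record_a: str, record_b: str) -> int:
    """Count the digest bits that differ between two stored records."""
    a = int(record_a.split("$")[2], 16)
    b = int(record_b.split("$")[2], 16)
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    salt = bytes(16)  # fixed, constructed salt so the two records are comparable
    stored = make_record("correct horse", salt)
    typo = make_record("correct hrose", salt)
    print("exact password verifies:", verify("correct horse", stored))
    print("typo verifies:          ", verify("correct hrose", stored))
    print("digest bits that differ:", differing_bits(stored, typo), "of 256")
```

Roughly half of the 256 digest bits differ for the typo, so the stored digests answer "same or not" and give no measure of how close two passwords are.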

