On Wed, 3 Nov 1999, Pann McCuaig wrote: : On Wed, Nov 03, 1999 at 22:24, Greg Wooledge wrote: : > Pann McCuaig ([EMAIL PROTECTED]) wrote: : > : > > What do you call "discovering" a weak password using the tools created : > > for that purpose? : > : > It is most certainly not decryption. We usually call it "cracking", : > or more specifically, "brute-force cracking". : : Please define decryption for me. In my state of ignorance I would have : thought a simple definition would be "recovering plaintext from : ciphertext" and wouldn't speak to method.
You're close - however, encryption and decryption both refer to the application of an algorithm to data. Password crackers don't employ an algorithm against the password data; rather, they employ a hash algorithm (hopefully the same one that was used to encrypt the passwords in the first place) against suspected plaintext passwords and compare that result to the crypted values in the password file. Password encryption is one way: plain-text to "crypted" data. When you log in, whatever you enter at the password prompt is encrypted using the same algorithm, and the result is compared to the data in the password file (sound familiar? :) Regards, -- Nathan Norman MidcoNet 410 South Phillips Avenue Sioux Falls, SD mailto:[EMAIL PROTECTED] http://www.midco.net finger [EMAIL PROTECTED] for PGP Key: (0xA33B86E9)
