On Thu, Nov 04, 1999 at 08:55:50PM -0500, Greg Wooledge wrote > Pann McCuaig ([EMAIL PROTECTED]) wrote: > > On Wed, Nov 03, 1999 at 22:24, Greg Wooledge wrote: > > > Pann McCuaig ([EMAIL PROTECTED]) wrote: > > > > > What do you call "discovering" a weak password using the tools created > > > > for that purpose? > > > > It is most certainly not decryption. We usually call it "cracking", > > > or more specifically, "brute-force cracking". > > > Please define decryption for me. In my state of ignorance I would have > > thought a simple definition would be "recovering plaintext from > > ciphertext" and wouldn't speak to method. > > Well, I'm no cryptographer. But I always think of decryption as the > deterministic inverse of encryption. Brute-force cryptanalysis is more > like guesswork. >
Even worse, there's no guarantee with regard to UNIX password authentication that the recovered password is the plaintext password set by the user - all you know for sure is that it produces the same hashed string, although that is all you need for this application. John P. -- [EMAIL PROTECTED] [EMAIL PROTECTED] "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
