> Tom Zych wrote: > > Jerome BENOIT wrote: > > > > > >>We can generate encrypted passwords with `makepasswd', > >>but how can we decrypt them ? > > > > You can't. It's a one-way trapdoor function. Wouldn't be much point > > in using it otherwise. > > > I guess that I missed something: > I want to protect some ZiP floppy with passwords generated by makepassd, > and maintain a list of ZiP encrypted passwords as root: > I guess that I have to decrypt the passwords to use them > in view to unprotect my ZiP floppies. > Can we do that ?
Well yes. That kind of encryption has to use a symmetric encryption algorithm (ie one that can be undone!). There are kernel patches available to encrypt filesystems. I'm sure that there are otherways of doing this too. makepasswd simply generates memorable random passwords. For a normal useraccount, what happens is that the password is taken, repeated a number of times, and then an md5sum is taken and stored in /etc/shadow. When you enter your password to log in, the password is repeated and the md5sum found and then the two are compared. The point is that (theoretically) there is no way of going from the md5sum back to the password. Therefore you can distribute your /etc/shadow file and be happy that no one can use an algorithm to go from the md5sum back to your password. Of course, brute force solutions exist! ;-) For encryption, the password acts as a key which works with the algoritm employed (tripleDES, blowfish, SHA1, RSA, etc etc) to either encrypt or decrypt the data as required. Think of it as the algorithm is the filing cabinet and your password is the key to the filing cabinet: only with the key can you get inside and read the data. As for how to actually do this, I've no idea! I am aware that there are kernel patches available, and some dists have the default kernels with the patches compiled in. Debian does not so you will need to role your own kernel (a good idea anyway). There's most likely a HOWTO available, so find it with google and read! :-) Good luck Matthew -- Matthew Sackman Nottingham England BOFH Excuse Board: not properly grounded, please bury computer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
