
| Subject: | Re: A question about passwords and login/authentication |
|---|---|
| Date: | Fri, 11 Mar 2005 13:01:45 +0100 |
Hi Roman L. Daszczyszak,
The DES algorithm is a secret key algorithm (so the same key is used
to crypt and un-crypt)
i.e:
if M is your message
if K is your secret key
if F is the crypt algorithm function
if F' is the reverse of F
if C is your crypted message
so we have for this type of encryption :
C = F(M, K)
AND
M = F'(M, K)
So we have too:
M= F'(F(M, K), K)
And for the password we must know F and F' (it is the OS specification)
And with a debugger we can know K for this OS
The MD5 is an 128-bit "fingerprint" or "message digest" system.
We have F but no F' (impossible in mathematics)
So it is impossible to "un-crypt" them.
MD5 can have an input with no max length and produce an output of 128 bits
(for an 'a' too: MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661 )
But the output is fixed and not the input, so we can have a collision
(2 passwords for one MD5)
So with all passwords with a max of 256, the luck to have a collision
is very small.
So it is maybe for this reason the limit.
Your next point :
communication between Windows and SAMBA and "how does one determine
whether the password being sent across the network is encrypted and
not plain text"
For SAMBA on a Linux: the authentication is determined by the
config file (smb.conf)
from man smb.conf :
auth methods (G)
This option allows the administrator to chose what authentication
methods smbd will use when authenticating a user. This
option defaults to sensible values based on security. This
should be considered a developer option and used only in rare
circumstances. In the majority (if not all) of production
servers, the default setting should be adequate.
Each entry in the list attempts to authenticate the user in
turn, until the user authenticates. In practice only one method
will ever actually be able to complete the authentication.
Possible options include guest (anonymous access), sam (lookups
in local list of accounts based on netbios name or domain name),
winbind (relay authentication requests for remote users through
winbindd), ntdomain (pre-winbindd method of authentication for
remote domain users; deprecated in favour of winbind method),
trustdomain (authenticate trusted users by contacting the remote
DC directly from smbd; deprecated in favour of winbind method).
references :
DES RFC (rfc3962) : http://www.faqs.org/rfcs/rfc3962.html
MD5 RFC (rfc1321) : http://www.faqs.org/rfcs/rfc1321.html
MD5 Home page (unofficial) : http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
Linux man: man smb.conf
Note:
Sorry for my English (I'm not a native English speaker)
On Wed, 09 Mar 2005 14:57:17 -0600, Roman L. Daszczyszak II
<romandas@gmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have heard that many *nix flavors used to default to using DES as their password storage algorithm, but recently many Linux flavors tend to use MD5 hashes instead, which are more secure to brute force attacks.

What I'm wondering is how long can a Linux password be? Can it use extended characters (like Windows Alt-# feature) in its passwords and if so, how do you use them (aka if they aren't on the keyboard)?

Additionally I have heard that an MD5 hash has no limit to the amount it can hash (iow an unlimited length password) but somewhere in the Linux authentication it is set to a length of 256. What imposes this length of password?

Lastly, in communicating with a Windows XP/2000 box using SAMBA and Windows File sharing, how does one determine whether the password being sent across the network is encrypted and not plain text?

Any information you can provide (and references to back it up) would be very helpful; thank you.

Roman

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCL2MtszjStpsfjf8RAmlBAJ0Y3xlMUc+sN7BpmeV7BwTKoo2NlQCgwvmS
KgNlN6VnD2KlD9Crz16Cyng=
=e4bH
-----END PGP SIGNATURE-----
-- -=ZERO_BURNOUT=-
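
Added example (not part of the original message): a Python sketch of the hashing points in the reply above, namely that a login check needs only F and never F', that the MD5 output stays 128 bits for any input length, and that a fixed-size output forces collisions. The record layout (salt plus one MD5 pass) and all function names are assumptions made for illustration; this is not the Linux MD5-crypt format.

```python
import hashlib
import hmac
import os

def md5_hex(data: bytes) -> str:
    """F in the message's notation: any-length input, 128-bit output."""
    return hashlib.md5(data).hexdigest()

def enroll(password: str, salt: bytes = b"") -> tuple:
    """Build the stored record (salt, digest); the password is not kept."""
    salt = salt or os.urandom(8)
    return salt, md5_hex(salt + password.encode("utf-8"))

def verify(candidate: str, record: tuple) -> bool:
    """Login check without any F': hash the candidate, compare digests."""
    salt, stored = record
    fresh = md5_hex(salt + candidate.encode("utf-8"))
    return hmac.compare_digest(fresh, stored)

def truncated(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of the digest (toy short hash)."""
    return int(md5_hex(data), 16) >> (128 - bits)

def find_collision(bits: int = 16) -> tuple:
    """Pigeonhole: more inputs than outputs means two must share a digest."""
    seen = {}
    n = 0
    while True:
        pw = b"pw%d" % n              # constructed sample inputs
        tag = truncated(pw, bits)
        if tag in seen:
            return seen[tag], pw, n + 1
        seen[tag] = pw
        n += 1

if __name__ == "__main__":
    print(md5_hex(b"a"))                      # value quoted in the message
    for size in (1, 256, 100_000):            # output length never changes
        print(size, "bytes ->", len(md5_hex(b"x" * size)) * 4, "bits")
    record = enroll("correct horse")          # constructed sample password
    print(verify("correct horse", record), verify("wrong", record))
    first, second, tries = find_collision(16)
    print(first, second, "share a 16-bit digest after", tries, "inputs")
```

The collision search only succeeds quickly because the digest is cut to 16 bits; at the full 128 bits the same loop would not finish, which is the "very small" chance the reply refers to.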