
Encryption vs hashing


Posted Mar 22, 2012 14:09 UTC (Thu) by rvfh (subscriber, #31018)
Parent article: Shadow hardening

> MD5, SHA-256, and SHA-512 encryption methods

I thought these were hashing methods. Is it correct to call them encryption methods? I know they somehow 'encrypt' the password, but I would not call them so, considering the encryption needs to be bijective, as the password can normally not be recovered from its hash.

Am I being pedantic?



Encryption vs hashing

Posted Mar 22, 2012 14:35 UTC (Thu) by jeff_marshall (subscriber, #49255)

You're correct. They're really hashes. Actually, they are frequently the result of something that is really more like the output of a mode (to borrow terminology from the block cipher world) which uses hashes similar to the way some key derivation functions work. For example, see: http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme

Encryption vs hashing

Posted Mar 22, 2012 17:27 UTC (Thu) by drag (subscriber, #31333)

> I thought these were hashing methods. Is it correct to call them encryption methods?

It's encryption.

It's one-way encryption. Useful for validating the integrity/correctness of data. In this case it is nice for making sure that a password is correct.

That being said, I don't really understand the point of using blowfish in this context. It's a general purpose cypher where you are supposed to be able to decrypt the information being encrypted. So this means that if you are able to obtain the key used to encrypt the password data stored in the shadow file then you can recover the password.

This is technically impossible to do with sha256 even if you wanted to. All the data used to encrypt the password can be present on the host system (except the password itself) and it is still impossible for a person with physical access to recover it. The only chance they have is to brute force it or have the user type it into a compromised system.

It's generally a bad idea to have a system where it is actually possible for an administrator to recover a password, if that is the idea. This opens up all sorts of liability and auditing problems. Just a bad idea.

So this seems bad. Unless the shadow files in each directory serve a slightly different purpose than before. I am probably missing something important here.

Basically if the authors feel that sha256 can't be trusted for hashing, then they need to find a different approach. Or they are using Blowfish in a different manner than I understood it to be used.

Encryption vs hashing

Posted Mar 22, 2012 17:50 UTC (Thu) by drag (subscriber, #31333)

I see what I was missing. With OpenBSD the stored hash is created by using the user's password to loop through blowfish a few cycles then encrypt "OrpheanBeholderScryDoubt".

That's clever.

Encryption vs hashing

Posted Mar 22, 2012 20:08 UTC (Thu) by anselm (subscriber, #2796)

> Or they are using Blowfish in a different manner than I understood it to be used.

The original Unix CRYPT mechanism used DES (with a few minor tweaks), which like Blowfish is a symmetric cypher. The way this worked was that the user-provided password was used as the key to encrypt a constant (usually a vector of null bytes). The result was then encrypted again etc., for a total of 25 rounds (which on a PDP-11 took a reasonable amount of time). This is incidentally why Unix passwords used to be limited to 8 (7-bit) characters, which are just enough to make up a 56-bit DES key.

Blowfish-based password »encryption« operates along the same lines – it uses the password as the key, not the plaintext to be encrypted – but makes use of the password in a more complicated manner.
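The construction described in the comment above, as an added sketch that is not part of the original thread and is not the real crypt(3) code: a toy 4-round Feistel cipher built on SHA-256 stands in for DES (an assumption; the salt and DES tweaks are left out), and all function names are hypothetical. It shows that the cipher is invertible under the key, yet inverting it only returns the constant, and why only the first 8 characters of a password mattered.

```python
import hashlib
import hmac

BLOCK = 8                 # 64-bit block, as in DES
ROUNDS = 25               # the 25 encryptions of the original scheme
CONSTANT = bytes(BLOCK)   # the all-zero block that is encrypted

def key_from_password(password: str) -> bytes:
    # First 8 characters, 7 bits each: 56 bits of key material.
    chars = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes(c & 0x7F for c in chars)

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy round function; SHA-256 stands in for the DES internals.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def password_hash(password: str) -> bytes:
    # The password is the key; the plaintext is always the constant.
    key, block = key_from_password(password), CONSTANT
    for _ in range(ROUNDS):
        block = encrypt_block(key, block)
    return block

def verify(password: str, stored: bytes) -> bool:
    # Checking a login re-runs the encryption; nothing is decrypted.
    return hmac.compare_digest(password_hash(password), stored)

def unwind(key: bytes, stored: bytes) -> bytes:
    # Decrypting with the right key only gives back the constant.
    block = stored
    for _ in range(ROUNDS):
        block = decrypt_block(key, block)
    return block
```

Someone holding only the stored value has no key to decrypt with, so the remaining option is guessing passwords and re-running `password_hash`, which is the brute-force case mentioned earlier in the thread.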

