User: Password:
Subscribe / Log in / New account

Encryption vs hashing

Encryption vs hashing

Posted Mar 22, 2012 20:08 UTC (Thu) by anselm (subscriber, #2796)
In reply to: Encryption vs hashing by drag
Parent article: Shadow hardening

Or they are using Blowfish in a different manner then I understood it to be used.

The original Unix CRYPT mechanism used DES (with a few minor tweaks), which like Blowfish is a symmetric cypher. The way this worked was that the user-provided password was used as the key to encrypt a constant (usually a vector of null bytes). The result was then encrypted again etc., for a total of 25 rounds (which on a PDP-11 took a reasonable amount of time). This is incidentally why Unix passwords used to be limited to 8 (7-bit) characters, which are just enough to make up a 56-bit DES key.

Blowfish-based password »encryption« operates along the same lines – it uses the password as the key, not the plaintext to be encrypted – but makes use of the password in a more complicated manner.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds