Re: [SILLY QUESTION] Uncrypting passwords

From: d. hall (dhall@OOI.NET)
Date: 08/27/98

>>>>>> thus on Thu, 27 Aug 1998 09:33:18 -0400, Angus wrote:

> This is just an example of a crapy crypt() function.  the real one does a
> much better job.  there might be a small chance that you can have
> multiple passwords.  But i have a feeling that it doesn't happen.  The
> main point was that you can't un-encrypt what crypt has encrypted, you
> can just make guesses at what you think it might be and then try running
> it through the same crypt function to see if the 2 crypted string match.
> Grep for crypt in the code and you will see how this works.

In response to one to someone who posted that you can tell if people
multi-play if they have the same pass phrase.

He's an easy solution that enables you to compare pass phrases w/o
decrypting them.

Use the same salt.  If the salt is the same, the crypted pass phrases will
be the same, you just won't be able to tell what they are.

You can then write a quick program to scan the pfile for matching pass
phrases and then compare the last ip of log on.


     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | |

This archive was generated by hypermail 2b30 : 12/15/00 PST