Difference between revisions of "Cryptography"
| Line 3: | Line 3: | ||
=== Cryptography found in UNIX === | === Cryptography found in UNIX === | ||
| − | Early passwords databases were not encrypted and since they were not shadowed this allowed anyone on a system to log in as the system administrator. The programmers rejected this by implementing a [[One way hash]] of [[DES]] to "encrypt" passwords as part of the crypt(3) function. It was impossible to decrypt these passwords since they were a modified version of DES, so in order to know if someone had the right password the plain text would be encrypted and the result compared with the | + | Early passwords databases were not encrypted and since they were not shadowed this allowed anyone on a system to log in as the system administrator. The programmers rejected this by implementing a [[One way hash]] of [[DES]] to "encrypt" passwords as part of the crypt(3) function. It was impossible to decrypt these passwords since they were a modified version of DES, so in order to know if someone had the right password the plain text would be encrypted and the result compared with the hash of the password database, if they matched a user would be granted access. As computers became faster so did the speed at which DES would be cracked. An amd64 3500+ running [[OpenBSD]] using the systems crypt(3) functions can hash 121,000 passwords in 1 second in 2005. So a slower hash algorithm was needed and one that could take more than 8 characters for the passwords. Many Operating Systems have implemented [[MD5]] hashing which does 1880 crypts per second on the aforementioned OpenBSD system. [[OpenBSD]] went even further and designed an interesting hash of [[blowfish]] that has a variable setting for rounds that [[blowfish]] will encrypt the hash with the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds a crypt will do 2 passwords in 1 second. |
[[One way hash]]ing wasn't confined to just passwords, with the [[md5]] and [[sha1]] as well as the [[rmd160]] commands one can make a cryptographic hash sum (or fingerprint) of a file or text in the system. | [[One way hash]]ing wasn't confined to just passwords, with the [[md5]] and [[sha1]] as well as the [[rmd160]] commands one can make a cryptographic hash sum (or fingerprint) of a file or text in the system. | ||
Revision as of 03:31, 9 October 2005
Cryptography is the method for distorting plain text so that it is unreadable by someone other than the intended recipient. For example, someone that is using a packet sniffer (see bpf) to listen in on network connection. Only if this third party knows the secret key to the ciphertext will they break the encryption and be able to see the plaintext. Anyone using plain text protocols these days is as stupid as sshd is free.
Cryptography found in UNIX
Early passwords databases were not encrypted and since they were not shadowed this allowed anyone on a system to log in as the system administrator. The programmers rejected this by implementing a One way hash of DES to "encrypt" passwords as part of the crypt(3) function. It was impossible to decrypt these passwords since they were a modified version of DES, so in order to know if someone had the right password the plain text would be encrypted and the result compared with the hash of the password database, if they matched a user would be granted access. As computers became faster so did the speed at which DES would be cracked. An amd64 3500+ running OpenBSD using the systems crypt(3) functions can hash 121,000 passwords in 1 second in 2005. So a slower hash algorithm was needed and one that could take more than 8 characters for the passwords. Many Operating Systems have implemented MD5 hashing which does 1880 crypts per second on the aforementioned OpenBSD system. OpenBSD went even further and designed an interesting hash of blowfish that has a variable setting for rounds that blowfish will encrypt the hash with the string "OrpheanBeholderScryDoubt" 64 times per round. The result is that with 12 rounds a crypt will do 2 passwords in 1 second.
One way hashing wasn't confined to just passwords, with the md5 and sha1 as well as the rmd160 commands one can make a cryptographic hash sum (or fingerprint) of a file or text in the system.
True private key cryptography was also present with the bdes and the openssl commands which could encrypt files with a variety of ciphers. Kiddo encryption was also to be found by means of the rot13 command (found in the games). The rot13 command is popular with Usenet Trolls.
Cryptography can also be found in the Apache web server, fetchmail, and various SMTP implementations.
