decrypt in 'C'

decrypt in 'C'

Post by Brian T. B » Sun, 15 Jun 2003 06:31:50



Greetings,

The quick question:  How are encrypted passwords decrypted?

The long-winded version:
I'm trying to figure out how to decrypt an encrypted password.
I'm using IBM's AIX operating system.

For encryption, I do something like this:

/* start C code */
static char *pw = "junkmail";
char *salt[2];
char *encpw;

salt[0] = pw[0];
salt[1] = pw[1];

encpw = crypt (pw, salt);
/* end C code */

This works great.  Now, how to I decrypt encpw?

I checked out  IBM's web site for the encrypt command
http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf...
but have not been able to figure out what to put in the variables they
call "block" and "key".

 
 
 

decrypt in 'C'

Post by Barry Margoli » Sun, 15 Jun 2003 06:36:41




Quote:>Greetings,

>The quick question:  How are encrypted passwords decrypted?

Quick answer: They aren't.

Password encryption is one-way.  Password checking works by encrypting what
the user types (using the salt that's saved with the encrypted password),
and comparing it to the encrypted password.

--

Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

decrypt in 'C'

Post by Valentin Nechaye » Mon, 16 Jun 2003 14:44:05


BTB> The quick question:  How are encrypted passwords decrypted?

No way. Passwords aren't encrypted, using strong terms. "Encryption"
uses password as crypting key and not as unencrypted data.

BTB> The long-winded version:
BTB> I'm trying to figure out how to decrypt an encrypted password.

There are many ready-to-use programs which can crack passwords using brute
force testing all possible variants. I prefer "John the Ripper". This is
too long process (days for DES, weeks and months for MD5,
centuries for BlowFish;))

BTB> This works great.  Now, how to I decrypt encpw?
BTB> I checked out  IBM's web site for the encrypt command
BTB> http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf...
BTB> but have not been able to figure out what to put in the variables they
BTB> call "block" and "key".

Read basic explanation of any symmetric block cipher (DES, Rijndael,
AES, Blowfish, Twofish, RC4, etc.)

-netch-

 
 
 

decrypt in 'C'

Post by John Gordo » Wed, 18 Jun 2003 00:54:54



Quote:> The quick question:  How are encrypted passwords decrypted?

They aren't.  The crypt() function is one-way only.

---
John Gordon            "Your hat makes baby Brell cry."