gwoho@nntp-server.caltech.edu (g liu) (06/06/91)
looking at the minix source, it appears to me that the passwords are encoded into the password file. not encrypted. that is, inverting the crypt function looks trivial. is this so? does unix use the same method of encoding the password? gwoho liu.
pete@ohm.york.ac.uk (-Pete French.) (06/06/91)
in article <1991Jun5.183525.3907@nntp-server.caltech.edu>, gwoho@nntp-server.caltech.edu (g liu) says: > > looking at the minix source, it appears to me that the passwords > are encoded into the password file. not encrypted. that is, inverting > the crypt function looks trivial. > is this so? does unix use the same method of encoding the password? yes - someone posted an inversion program about a year ago. MINIX used to have a unit compatible crypt - I dont know why it was changed. I have never bothered making the hange - I strill use the oild crypt funtion to maintain compatibility with UNIX boxes. why did it dissappear ? (anything to do with DES/USA retrictions ?) -bat. -- -Pete French. (the -bat. ) / "Two wrongs don't make a right, Adaptive Systems Engineering / - but three lefts do !" "Look here, a Brit who has obviously been driving in California!"
hp@vmars.tuwien.ac.at (Peter Holzer) (06/06/91)
gwoho@nntp-server.caltech.edu (g liu) writes: >looking at the minix source, it appears to me that the passwords >are encoded into the password file. not encrypted. that is, inverting >the crypt function looks trivial. Yes, the crypt function used by Minix is reversable. A program that does it was posted by Norbert Schlenker in June 90. Fred van Kempen then posted a different algorithm, that has not been broken until now (may just because nobody tried). Both articles are available via ftp from ftp.vmars.tuwien.ac.at. (If there is enough interest, I will also repost them) >is this so? does unix use the same method of encoding the password? No. Unix is using a modified DES-Algorithm, which has (as far as we know :-) not yet been broken. Minix cannot use this algorithm, because there is a law in the US that forbids exporting the algorithm. So if Andy writes crypt in the Netherlands, sends it to PH in the US and they copy it there, the Minix disks may not be exported anymore:-( -- | _ | Peter J. Holzer | Think of it | | |_|_) | Technical University Vienna | as evolution | | | | | Dept. for Real-Time Systems | in action! | | __/ | hp@vmars.tuwien.ac.at | Tony Rand |
ghelmer@dsuvax.uucp (Guy Helmer) (06/06/91)
In <1991Jun5.183525.3907@nntp-server.caltech.edu> gwoho@nntp-server.caltech.edu (g liu) writes: >looking at the minix source, it appears to me that the passwords >are encoded into the password file. not encrypted. that is, inverting >the crypt function looks trivial. I don't know how trivial it is to decode the passwords, but Norbert Schlenker posted a MINIX password decoder in <263@rossignol.Princeton.EDU> about a year ago (19 Jun 90). >is this so? does unix use the same method of encoding the password? UNIX encrypts the password in a more secure method. >gwoho liu. -- Guy Helmer, Dakota State University Computing Services helmer@sdnet.bitnet, dsuvax!ghelmer@wunoc.wustl.edu, ghelmer@dsuvax.dsu.edu "Everybody need a soft filter / Everybody need reverse polarity" - Rush
phupp@warwick.ac.uk (S Millington) (06/07/91)
In article <1991Jun6.113438.7450@email.tuwien.ac.at> hp@vmars.tuwien.ac.at (Peter Holzer) writes: > >No. Unix is using a modified DES-Algorithm, which has (as far as we >know :-) not yet been broken. Minix cannot use this algorithm, because >there is a law in the US that forbids exporting the algorithm. So if >Andy writes crypt in the Netherlands, sends it to PH in the US and they >copy it there, the Minix disks may not be exported anymore:-( You've got to be joking. If crypt is written in the Netherlands, or any other place outside of the US then that is where it's copyright will be registered, unless P-H grab it and keep it in the US. Assuming the copyright is registered outside of the US, if P-H then use the code in a MINIX release and export the discs to Europe all they are doing is distributing a European copyrighted program in Europe. Surely a US court can't prevent them doing that. Then again the US legal system appears to get even more stupid than usual when DES is mentioned. ***************************************************************************** * Stuart Millington * "A Mind Is A Terrible Thing, Remember * * UUCP:...!mcsun!ukc!warwick!phupp * That." - David Bryan, Bon Jovi * * JANET:phupp@uk.ac.warwick.cu ***************************************** * ? :phupp%warwick.ac.uk@nsfnet-relay.ac.uk <- E-mail moving soon * *****************************************************************************
dick@ahds.ahold.nl (Dick Heijne CCS/TS) (06/07/91)
In article <1991Jun6.113438.7450@email.tuwien.ac.at>, hp@vmars.tuwien.ac.at (Peter Holzer) writes: > there is a law in the US that forbids exporting the algorithm. So if > Andy writes crypt in the Netherlands, sends it to PH in the US and they > copy it there, the Minix disks may not be exported anymore:-( Another reason to switch from P-H to Wolters ??
hp@vmars.tuwien.ac.at (Peter Holzer) (06/07/91)
phupp@warwick.ac.uk (S Millington) writes: >In article <1991Jun6.113438.7450@email.tuwien.ac.at> hp@vmars.tuwien.ac.at (Peter Holzer) writes: >> >>Andy writes crypt in the Netherlands, sends it to PH in the US and they >>copy it there, the Minix disks may not be exported anymore:-( > You've got to be joking. If crypt is written in the Netherlands, or >any other place outside of the US then that is where it's copyright will be >registered, unless P-H grab it and keep it in the US. Assuming the >copyright is registered outside of the US, if P-H then use the code in a MINIX >release and export the discs to Europe all they are doing is distributing a >European copyrighted program in Europe. Surely a US court can't prevent >them doing that. Then again the US legal system appears to get even more >stupid than usual when DES is mentioned. Unfortunately, law has nothing to do with logic. Especially if the law has been made by some military dudes who obviously have no idea of cryptography but a big red rubber stamp marked `top secret', which they want to apply everywhere. I don't know the legal situation (I am neither American nor a lawyer), but I think making crypt (c) A.S.Tanenbaum, Netherlands, instead of (c) Prentice Hall, US would not help as long as the disks/book are produced in the US. The American border seems to be an event horizon for DES :-) BTW, I did not make this up. AST had to take the DES source code out of one of his books (although the textual description could remain) a few years ago to be able to sell it outside the US. -- | _ | Peter J. Holzer | Think of it | | |_|_) | Technical University Vienna | as evolution | | | | | Dept. for Real-Time Systems | in action! | | __/ | hp@vmars.tuwien.ac.at | Tony Rand |
v882087@si.hhs.nl (06/08/91)
In article <9106061434.AA08760@mcsun.EU.net> you write: >gwoho@nntp-server.caltech.edu (g liu) writes: > >No. Unix is using a modified DES-Algorithm, which has (as far as we >know :-) not yet been broken. Minix cannot use this algorithm, because It seems that Dod has included a "bug" in the DES algorithm such that they can reverse the DES algorithm. Anyway, DES is only garanteed upto (I believe) 1992. After than Dod expects computers to be so fast that they can actualy crack the algorithm by just trying every possiblity.
jmcarli@PacBell.COM (Jerry M. Carlin) (06/08/91)
In article <55740@nigel.ee.udel.edu> v882087@si.hhs.nl writes: > >It seems that Dod has included a "bug" in the DES algorithm such that they >can reverse the DES algorithm... This has been claimed a number of times but no proof has been submitted. The conversations in sci.crypt lead me to believe this rumor is not true. -- Jerry M. Carlin (415) 823-2441 jmcarli@srv.pacbell.com To dream the impossible dream. To fight the unbeatable foe.
kjh@pollux.usc.edu (Kenneth J. Hendrickson) (06/08/91)
What if somebody was to go and write a new crypt(3), by making a mirror image of the BSD crypt(3). This would not be AT&T code, and it would not be the DES standard either, but it would be just as effective. I believe that this could be exported from the US. Any comments? Should I do this, so I can contribute it to Minix? -- favourite oxymorons: student athlete, military justice, mercy killing Ken Hendrickson N8DGN/6 kjh@usc.edu ...!uunet!usc!pollux!kjh
jac@unlisys.in-berlin.de (Joerg Conradt) (06/11/91)
> Yes, the crypt function used by Minix is reversable. A program that > does it was posted by Norbert Schlenker in June 90. Fred van Kempen > then posted a different algorithm, that has not been broken until now > (may just because nobody tried). Both articles are available via ftp > from ftp.vmars.tuwien.ac.at. (If there is enough interest, I will also > repost them) > > -- > | _ | Peter J. Holzer | Think of it | > | |_|_) | Technical University Vienna | as evolution | > | | | | Dept. for Real-Time Systems | in action! | > | __/ | hp@vmars.tuwien.ac.at | Tony Rand | > Hallo Peter, sag mal, is das in V1.5. immer noch so? also is der immer noch umkehrbar? oder war das nur mal (so um 1.3...) wenn ja, schickst du mir mal die beiden artikel zu- speziell den mit dem neuen crypt? danke schon mal - Joerg -- Joerg Conradt Berlin, Germany || UUCP: jac@unlisys.in-berlin.de
miquels@htsa.htsa.aha.nl (Miquel van Smoorenburg) (06/11/91)
In article <55929@nigel.ee.udel.edu> jac@unlisys.in-berlin.de (Joerg Conradt) writes:
->> Yes, the crypt function used by Minix is reversable. A program that
->> does it was posted by Norbert Schlenker in June 90. Fred van Kempen
->> then posted a different algorithm, that has not been broken until now
->> (may just because nobody tried). Both articles are available via ftp
->> from ftp.vmars.tuwien.ac.at. (If there is enough interest, I will also
->> repost them)
->>
->> --
->> | _ | Peter J. Holzer | Think of it |
->> | |_|_) | Technical University Vienna | as evolution |
->> | | | | Dept. for Real-Time Systems | in action! |
->> | __/ | hp@vmars.tuwien.ac.at | Tony Rand |
->>
->
->Hallo Peter,
->sag mal, is das in V1.5. immer noch so? also is der immer noch
->umkehrbar? oder war das nur mal (so um 1.3...)
->wenn ja, schickst du mir mal die beiden artikel zu- speziell
->den mit dem neuen crypt?
->danke schon mal - Joerg
->--
->Joerg Conradt Berlin, Germany || UUCP: jac@unlisys.in-berlin.de
The newest crypt posted by Fred van Kempen, is a C-version of a Pascal
function, which is described by Andrew S. Tanenbaum in his book
"Computer Networks". This is the ORIGINAL Unix crypt, a modified
version of DES. If you can break this and you're clever enough, you'll
probably never have to work a day in your life again :-).
Miquel.
PS reversing v1.3 crypt is a trivial excercise{, even for someone
who has to do the second grade AGAIN (me!) :-).
--
---
% Miquel van Smoorenburg, Baljuwstraat 20, 2461 SL Langeraar, Holland %
% miquels@drinkel.nl.mugnet.org miquels@maestro.htsa.aha.nl %
% God is real, unless declared integer.. %v882087@si.hhs.nl (06/12/91)
>sag mal, is das in V1.5. immer noch so? also is der immer noch >umkehrbar? oder war das nur mal (so um 1.3...) >wenn ja, schickst du mir mal die beiden artikel zu- speziell >den mit dem neuen crypt? >danke schon mal - Joerg >-- >Joerg Conradt Berlin, Germany || UUCP: jac@unlisys.in-berlin.de Joerg, ein versuch. Wollen sie bitte nicht im Deutsch antworten. Jedemfals nicht in die international grupe. (Ich bitte pardon fuer mein slechtes Deutsch aber ich habs lezte drie oder vier jahr nicht mehr gesprochen). Danke schoen. ---- ENGLISH ---- This was a reply to ask him not to use german in an international group.
david@doe.utoronto.ca (David Megginson) (06/13/91)
In article <56115@nigel.ee.udel.edu> v882087@si.hhs.nl writes: >Joerg, ein versuch. Wollen sie bitte nicht im Deutsch antworten. Jedemfals >nicht in die international grupe. > >(Ich bitte pardon fuer mein slechtes Deutsch aber ich habs lezte drie oder >vier jahr nicht mehr gesprochen). > >Danke schoen. A lot of the stuff on my Minix system comes from programmers with German addresses, and I have no objection to their posting in their own language, as long as they don't mind my posting in English (I could post in German, but I like the language too much to insult it with my bad grammar). I think that German, French and English, at very least, have good claims for being international languages in the Western world and, thus, on the Usenet (I should probably add Spanish), and I won't even get into the Asian languages. What do the net gods have to say about this one? Is it to be eine Sprache? (Sounds a bit like "ein Volk" to me). David -- //////////////////////////////////////////////////////////////////////// / David Megginson david@doe.utoronto.ca / / Centre for Medieval Studies meggin@vm.epas.utoronto.ca / ////////////////////////////////////////////////////////////////////////
jac@unlisys.in-berlin.de (Joerg Conradt) (06/17/91)
> > Joerg, ein versuch. Wollen sie bitte nicht im Deutsch antworten. Jedemfals > nicht in die international grupe. > > (Ich bitte pardon fuer mein slechtes Deutsch aber ich habs lezte drie oder > vier jahr nicht mehr gesprochen). > > Danke schoen. > > > ---- ENGLISH ---- > This was a reply to ask him not to use german in an international group. > hello to all out there who read that post and didn't understand it, i'm sorry for posting in german, i thought i mailed it to peter directly- so i will be more carefull the next time. but i was luckily suprised that i was not flamed at all... (maybe there're no idiots on comp.os.minix?) posting in english again Joerg -- Joerg Conradt Berlin, Germany || UUCP: jac@unlisys.in-berlin.de