Re: Is there any way...

David Schwartz (
Tue, 24 Feb 1998 23:53:44 -0500

Store the MD5 hash of each password in a publically readable place. This
is similar to how every UNIX system without shadow passwords works. It will
have the same strengths (anyone can easily check anyone's passwords) and
weaknesses (dictionary attacks) as that approach.

>I want a very simple thing: to be able to
>encrypt AND DECRYPT password.

You don't mean that. If everyone else can decrypt my password, why
encrypt it? Perhaps you mean that they can _validate_ my password?

>Now, if I am, say, user "smitty"
>and I want to
>encrypt my password for some application
>and store it into some readable by
>everyone file. Other users will do
>the same for their passwords.
>Now, how to make it so that
>only the owner can decrypt his/her own
>password providing the source code
>for the programs which will do encyption
>and decryption
>should be publicly available?

Why does the owner need to decrypt his password? Presumably the owner
knows his password.

>My thought was to use some global
>variable which gets assigned to
>user process by the kernel
>(hence my posting to this list)
>and which is completely unknown
>for other users/processes as a seed to the
>"crypt". Obviously, I can
>use neither PID nor UID for the
>purpose because they are known
>to other users..

Why does the crypt seed need to be unknown? What can other users do with
the seed?


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to