June 7th, 2003, 11:21 PM
One-Way Encription And DES Alogorithm Confused
Been reading about encription but am confused about "one way encription" and DES encription.
My confusion is if a one way encription function such as crypt can use DES algorithm then is crypt realy one way?
Resources im using:
http://www.ssh.fi/support/cryptography/introduction/ and http://hotwired.lycos.com/webmonkey/...tw=programming
Ok here is what I understand, DES is a symmetric (secret key) based encription alogrithm. It is nolonger considered safe for encripting sensitive data as it can easily be broken with sophisticated hardware/software afordable to governments and organized criminals.
One way encription functions such as crypt in php and linux, offer "message digest hashing" where the cyphertext cannot be decrypted. And this is usefull for username/password pairs in user login systems where the entered password is encripted the same was as it was when it was stored, and if the two hashes match then the password is valid.
My confusion and thus questions arise, if you can use a one way encription function such as crypt, and encript useing the DES alogrithm, then this is not one way correct? Because if DES has been cracked, then its not one way,
Then the cyphertext can be cracked useing hardware corect? Then is crypt realy one way encription?
$string = "My secret message";
$salt = "yk"; // Two for DES
$cyphertext = crypt($string, $salt);
Obviously very new to encription
June 11th, 2003, 10:32 PM
Technically there is no such thing as "one way encryption". If there really is no way to undo it (that's what "one way " means), then you are not doing encryption, you are either generating garbage or calculating a hash.
So the "encrypted passwd" field is really a "password hash", and that's the way that Unix uses it. It doesn't try to decrypt it; it just recreates hash from your supplied passwd and compares.
The way that crypt() uses DES (a symmetric encryption algorithm) to get a hash is:
1) In fact it doesn't use DES, but a variant of DES (same tables, different key scheduling algorithm)
2) In encryption you have 2 inputs (cleartext and key) and get 1 output (ciphertext). In crypt() one of the inputs is fixed (don't remember which) and salt+password is fed to the other input
Hope this helps
June 12th, 2003, 12:28 AM
Nixkl is exactly right when he said "Technically there is no such thing as 'one way encryption' ." The analogy I like to think of with public key cryptosystems and "one way encrytion" is that of an escalator. YOu can go down an escalator that is designed to go up, but its difficult.
June 12th, 2003, 01:44 AM
actually Nixkl was wrong when he said "Technically there is no such thing as 'one way encryption' ."
but then he talked about the password hashes and was right again.
this is also how pwcrackers work. they encrypt a givin string and compare it to the original encrypted string.
say you have to mail the hashed (one way encrypted) password file to a friend.
you don't want a man in the middle obtaining it so you use des on the file.
this will add the extra layer of security to the file.
you could also create an md5sum of the file which is another form of one way encryption.
next you send the des encrypted md5sum of the shadowed password file (use a different key). if you then also use pgp or the likes ....
this way your attacker will have to go through several levels of cracking and by the time he is done the information is useless because you have changed you have recovered and changed your password or to put it in military terms 'the ammo/foodsupplies' have arrived.
it induces a lot of overhead so keep in mind if that is what you want.
to answer the question:
the one way encrypted file will stay one way encrypted, the des will be symetric encryption.
June 12th, 2003, 02:31 AM
Thank you all, this makes more sence now,
This is one thing that confused me bcause, when I encripted useing crypt and the 2 character salt, the output looked difernt then when I did DES with mcrypt, a crypto library extension for php
In fact it doesn't use DES, but a variant of DES
So when I read about MCRYPT_DECRIPT and that you can decript all these alogrithms includeing DES if you know the key, then to read about crypt being a one way, dint sum up.
So this makes more sence. So I guess they call it one way because it doenst have a acompaning decrypt function.
I must readjust my goal, to makeing it near imposible but not imposible,. thank you all for your help in this.