topic Re: Password question in Operating System - HP-UX

Password question

Ryan Clerk — Mon, 28 Feb 2005 14:52:08 GMT

Hello experts,

I have noticed that in several threads, passwords are referred to as "encrypted" and sometimes they are referred to as "hashes". Which is correct or are these just different names for the same thing?

TIA,
Ryan

Re: Password question

A. Clay Stephenson — Mon, 28 Feb 2005 14:55:02 GMT

While these terms are often used interchangably when referring to the UNIX passwd algorithm, technically it is a hash. An encrypted password is reversible; ie, one could apply an algorithm to the encrypted password and retrieve the plaintext. In a hashing algorithm, information is intentionally lost so that the process is not reversible.

Re: Password question

A. Clay Stephenson — Mon, 28 Feb 2005 14:57:05 GMT

I should add that one of the true ironies in UNIX is that the function that creates this hash is called crypt even though it does not do encryption. So go figure.

Re: Password question

A. Clay Stephenson — Mon, 28 Feb 2005 15:13:25 GMT

I should also add that as another UNIX irony, the crypt command (as opposed to the crypt() function) DOES do encryption; ie, it produces reversible results.