Re: [Help]: Looking for password crypt/decrypt function

From: Roy Brokvam <roy.brokvam_at_conax.com>
Date: Thu, 15 Apr 1999 19:41:48 +0200
Message-ID: <bypR2.363$2B1.3138@news1.online.no>

John Gardner wrote in message <7f52uv$37q$1_at_corpnews1.Corp.Sun.COM>...
>
>An xor encryption scheme is so easy to crack that you might as well leave
>it in plaintext.
>

Not necessarily.

If the key is not reused, and is truly random, the XOR encryption algorithm is perfect
If the key is reused, or may be predicted, it is as weak as any.

Of course, for password encryption, you would need key reuse, so then...

As to the original question; what you need is a one-way function. This is a function which has the property that y=f(x) is easy to compute, as x=f'(y) is very difficult.

There is a huge amount of information about one-way functions on the internet, Altavista finds more than 400000 pages on a search for this.

However, there is a simple (and far from perfect) method available, using your own deterministic pseudo-random generator (a random generator which always produces the same sequence when initialised with a given seed):

Convert your plaintext password to a valid seed (using some hash function)
Initialise the random number generator with this seed
Call the random generator once, to get the next "random" number in the sequence
This number is your encrypted password

This method is as bad as:
1) Your random number sequence is deterministic 2) The collission rate of your hash function (different passwords having the same hash value)

[snip]

Regards,

Roy Brokvam
roy.brokvam_at_conax.com Received on Thu Apr 15 1999 - 12:41:48 CDT