On Sun, 27 Jan 2002 12:20:25 -0500 Joel Hammer <[EMAIL PROTECTED]> spewed into the bitstream:
> I thought that for security reasons, the actual password is never stored
> on the computer, just the encrypted form. If so, how can the computer
> know that I have tried to "cheat" and when asked to alter my password, I
> just changed the case of one letter.
>

In DES, you have a 13 character hash, the first two are a salt (in MD5 this is a 4 character salt). If you use the same salt as the old password and create a new hash, then compare the new and old hash, and you know the difference between a and A (or b and B, etc, they are just representations of numbers after all) then what you've done to your password is fairly obvious from an analytical standpoint.

Ciao,

David A. Bandel
--
Focus on the dream, not the competition.
-- Nemesis Racing Team motto
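The salt-reuse comparison described in the reply, as an added example that is not part of the original post: at change time the checker holds the new password in the clear, so it can hash it, and every one-letter case flip of it, with the old salt and compare against the stored hash. `toy_crypt` (PBKDF2 with the salt kept as a visible prefix) is an assumed stand-in for crypt(3), and all function names and sample values are constructed.

```python
import hashlib
import hmac


def toy_crypt(password: str, salt: str) -> str:
    """Assumed stand-in for crypt(3): the salt is stored in the clear as a prefix."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 1000)
    return salt + "$" + digest.hex()


def single_case_flips(password: str):
    """Yield every string that differs from password by the case of one letter."""
    for i, ch in enumerate(password):
        if ch.isalpha() and ch.swapcase() != ch:
            yield password[:i] + ch.swapcase() + password[i + 1:]


def is_case_variant_of_old(new_password: str, old_hash: str) -> bool:
    """True if new_password, or a one-letter case flip of it, hashes to old_hash.

    Only the stored hash of the old password is needed: the salt is read
    from its prefix and reused for each candidate.
    """
    salt = old_hash.split("$", 1)[0]
    candidates = [new_password, *single_case_flips(new_password)]
    return any(
        hmac.compare_digest(toy_crypt(candidate, salt), old_hash)
        for candidate in candidates
    )


# Constructed sample: the stored hash of the old password, two-character salt.
OLD_HASH = toy_crypt("tr0ub4dor", "ab")

if __name__ == "__main__":
    for attempt in ("Tr0ub4dor", "tr0ub4dor", "TR0ub4dor", "correct horse"):
        verdict = "rejected" if is_case_variant_of_old(attempt, OLD_HASH) else "accepted"
        print(f"{attempt!r}: {verdict}")
```

The check costs one hash per letter in the new password, and it only catches the variants it enumerates; a change of two letters' case passes unless those candidates are generated as well.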