Chapter Two



Encrypting Passwords

The basic idea:

To increase security, on most systems passwords are never stored “in the clear”. Instead, as soon as a password is entered, it is encrypted using a particular encryption algorithm. And, instead of storing the password, its encryption is stored.

When a user attempts to log on at some future time, the password she enters is run through the encryption algorithm. If the result matches the encryption stored by the system, the password is accepted; otherwise it is refused.

Hashing and 1-way functions

The goal of the encryption algorithm is to scramble the original password so to make it difficult for anyone to derive the original password from its encryption. So two very similar passwords should produce very different encryptions. And the mathematics of the algorithm should make it very hard to run the algorithm in reverse. An algorithm which meets the latter criterion is called a one-way function (or a trapdoor function).

A very simple password function

Below is a Python program which produces the hash of any alphanumeric string of length 4 or more. Here is how it works:

Create a very large hash number, hashNum:

- convert each character to a number from 1 to 62

- start with a very large number, i.e., 100000000000000 and call it modo

- initially set hashNum to modo

- for each character-number:

o add it to hashNum and multiply it by each of the other character-numbers in turn

o let hashNum be hashNum mod modo

- to ensure that we wind up with a large number, add modo to hashNum

Now convert hashNum back to an alphanumeric string:

- take hashNum mod 63 to get an index alphNum

- divide hashNum by 63

The passwords and encryptions:

pwds=['abcdefg','abcdefh','abcdefi','abcdefj','abcdefk','abcdefl','abcdef','abcde','abcd']

>>> for pwd in pwds:

print hashMul(pwd)

sJfLfC4D

vEhY*VJH

UzYTRAV5

hnCv7LOK

EX6E4ICH

u9RR4tGC

zZMbbjRy

PPKjBNxy

G60Wfyxy

The Program:

def hashMul(s):

modo=100000000000000

alphNum='*abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ'

alphLen=len(alphNum)

hashNums=[]

sLen=len(s)

for i in range(sLen):

hashNums.append(alphNum.index(s[i]))

hashNum=modo

for nLet in hashNums:

hashNum+=nLet

for nLet in hashNums:

hashNum=(hashNum*nLet) % modo

hashPwd=''

hashNum+=modo

while hashNum > 0:

hashPwd+=alphNum[hashNum%alphLen]

hashNum=hashNum/alphLen

return hashPwd

More to explore:

For those interested in delving into these concepts, here are several links to explore:

Bob Morris:

Hash functions:

One-way functions:

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download