[H-GEN] Encrypting a tar backup

Jason Parker-Burlingham jasonp at uq.net.au
Wed Oct 23 12:45:35 EDT 2002


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Douglas C <chexsum at optusnet.com.au> writes:

> Jason Parker-Burlingham wrote:
> >Just a note, but both of those algorithms will be useless for
> >encrypting the original poster's data (or perhaps they could be used
> >to encrypt, but they'll, uh, do it too well, if you catch my drift).
> Hmm, maybe I am incorrect but I thought both of these algorithms were
> 2 way (encrypt and decrypt) and 'password' based. *guessing at the
> drift hinting of one-way encryption*

Both MD5 and SHA1 are message hash algorithms.  They take a message
(say "Mary had a little lamb") and turn that into a single value which
is hard to predict, given the input, and (hopefully) impossible to
reverse:

	$ echo "Mary had a little lamb" | md5sum
	4a856d9d7ade0272346a5200244ee925
	$ echo "Mary had a little lamb." | md5sum
	e1656e417993e7977d222cb4564c29b6

(I don't have an implementation of SHA1 at hand.)

You can see that just the addition of a period at the end of the
sentence has completely changed the result.  As far as I know, no-one
has ever succeeded in finding a way to reverse the result of the MD5
hash.  (If anyone does it would be a fairly major achievement.)

Both MD5 and SHA1 are documented as RFCs and fairly easy to implement.

> ccrypt might be something else to read about if an implementation of
> neither of these algos is suitable but I know less about this -

Actually you've probably hit the nail on the head---ccrypt (not
crypt[1]!) uses the Rijndael cipher, which is supposed to be quite
good (but I'm not sure if it's been extensively tested or not).

> I've just got an interest in encryption lately and have heard
> MD5/SHA1 being good *sorry if they're one-way and/or not 'password'
> based*. :\

There's no need to be sorry.  You got there in the end, and hopefully
we're all learning something from this thread.  (I am.)

Cheers,

jason

[1] : The standard Unix crypt *encryption* program[2] is apparently a
      simple Enigma-type encryption, which is easily broken.

[2] : As distinguished from the standard Unix crypt *encoding*
      function as used in passwd(5) on many systems.
-- 
||----|---|------------|--|-------|------|-----------|-#---|-|--|------||
| ``It's just a big electric typewriter.''                              |
|                                                                       |
||--|--------|--------------|----|-------------|------|---------|-----|-|
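
An added example (not part of the original message) for the point that MD5 and SHA1 are message hashes: it hashes an in-memory tar archive to show the digest is 16 or 20 bytes however large the archive is, so the backup cannot be recovered from it, and counts how many MD5 bits differ between the two sentences hashed above. The archive member name and payloads are constructed sample data.

```python
import hashlib
import io
import tarfile


def make_tar(payload: bytes) -> bytes:
    """Return an uncompressed tar archive holding one constructed file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo(name="backup/data.bin")  # constructed name
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def digest_sizes(data: bytes) -> dict:
    """Digest length in bytes for each hash named in the thread."""
    return {algo: len(hashlib.new(algo, data).digest()) for algo in ("md5", "sha1")}


def bits_changed(a: bytes, b: bytes, algo: str = "md5") -> int:
    """Number of digest bits that differ between the hashes of a and b."""
    da, db = hashlib.new(algo, a).digest(), hashlib.new(algo, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


if __name__ == "__main__":
    small = make_tar(b"x" * 100)          # constructed payloads
    large = make_tar(b"x" * 1_000_000)
    for name, archive in (("small", small), ("large", large)):
        # Input size varies; output size does not, so data is discarded.
        print(name, len(archive), "bytes in ->", digest_sizes(archive), "bytes out")

    # The two sentences from the message; echo appends the newline.
    m1 = b"Mary had a little lamb\n"
    m2 = b"Mary had a little lamb.\n"
    print("MD5 bits changed by the added period:", bits_changed(m1, m2), "of 128")
```

A cipher such as the one in ccrypt produces output at least as large as its input, which is what lets the archive be restored with the key.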
