Anything relevant


Postby Chris » 23 Mar 2009, 11:52

<blockquote>I have just been berated soundly by someone posting on the Punch & Judy Directory of Professors. My crime was that I had refused (sic) to tell him his password which he had forgotten. He refused to accept my explanation that I did not know his password and that there was no way of my knowing his password.

Because this may be of wider interest I will explain that which Prof. X refuses to believe. But be warned, this will only be of interest if you have some technical interest, otherwise skip this posting altogether. You don't have to read it.

Passwords are applied for security so that only the authorised person has access to particular information. There are many methods of keeping the passwords secret - the most common being the substitution of dots for letters to stop office colleagues from reading another's password.

At some stage all the passwords for a given process must be held as a list in a database. To protect them they are encrypted, or put into a coded form. The letters you enter for your password are coded, or changed into some other arrangement of letters, numerals and symbols. You may remember as kids we played with simple codes like substituting numbers for letters - a=1, b=2 etc thus BAT would become 2-1-20.

Of course simple systems are two-way, easy to encrypt and easy to decipher. Computers however offer extremely complex encryption methods, some so complex that it is impossible to decipher the results.

You may have noticed that many websites using a password offer a service to recover your password. You may also have noticed that if you click the link to recover a forgotten password they don't actually tell you what it was - they give you a new password. This is because they often don't know your password because it is not recoverable.

The Punch Directory program is written in a computer language called Perl and in Perl there is a function called ENCRYPT. Apply this to any string of characters (a password) and it applies a very complicated computer process to supply an encrypted version. "peter" might become "7xvGhJ87%$mn!>>45" and this is what is held in the data base. The next time the user enters "peter" the computer again applies ENCRYPT and then compares "7xvGhJ87%$mn!>>45" with "7xvGhJ87%$mn!>>45"
and if they are the same then it accepts the password as valid. At no stage does it revert from "7xvGhJ87%$mn!>>45" to "peter" - it can't.

Although there is an ENCRYPT function there is no UN-ENCRYPT function. The reason it can't be done is very complex, but the principal is simple enough. It's rather like making a cake. If you combine a measured amount of flour, sugar, butter and eggs, mix them up and bake them in an oven they become a cake. Repeat the process exactly and you'll get a similar cake, over and over again. But there is just no way of reversing the process. You can never separate the flour, sugar, butter and return the eggs to their original condition.
<center><img src="images/cake.gif"></center>

In the same way, in many forms of encryption there is no way of recovering an original password once forgotten.</blockquote>
It's good to squawk!
User avatar
Site Admin
Posts: 3263
Joined: 05 Jul 2006, 11:13
Location: North Wales

Return to Punch Chat

Who is online

Users browsing this forum: No registered users and 6 guests