Let's look at another problem related to encryption. This one is used daily by almost everyone and yet it is not usually understood by users. Nevertheless, it is a fun idea that deserves your understanding. How does one keep a password file on a system without fear that someone will decode it?
One could encrypt the password file, but then the person who knows the key could decrypt the whole file, exposing everyone's password. Under this system, software would have to decrypt the file to check your password, and in doing so someone might find out the password or be able to read the decrypted versions of the passwords.
Instead, it is common to have a public key version of the password. This is done in the following way. Assume you have a program that will encrypt things so well that it is difficult to decode them. Then you use the user's password as the key to encode a standard message: `Let this user pass!'. Using `xyzzy' as the key (the user's password), this gets encoded as: `wYdB]eaWLpD[!tZ[b]z'. Combined with the user name, it gets put in a file anyone can see.
buz:wYdB]eaWLpD[tZ[b]z:Robert Uzgalis
This system provides a method for validating a user without storing
his password.
For authentication, the encryption system is used only for its one-way
property: it is easy to use the key to encrypt information,
but it is difficult to determine the key given the information
in both its clear and encrypted form.
Any function that has this easy-one-way-hard-the-other property can
be used for user validation.
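
The scheme described above, as an added example that is not part of the original text: the password keys a one-way function over the standard message, and login re-encodes the attempt and compares it with the stored field. HMAC-SHA256 is an assumed stand-in for the unnamed encryption program, and the function names and sample entry are constructed for illustration; it is unsalted and fast, as on the page, whereas deployed systems add a per-user salt and a deliberately slow function.

```python
import hashlib
import hmac

STANDARD_MESSAGE = b"Let this user pass!"  # the fixed plaintext from the text


def one_way(password: str) -> str:
    """Encode the standard message using the password as the key.

    HMAC-SHA256 is an assumption standing in for the page's cipher.
    Hex output never contains ':', so it is safe as a file field.
    """
    key = password.encode("utf-8")
    return hmac.new(key, STANDARD_MESSAGE, hashlib.sha256).hexdigest()


def make_entry(user: str, password: str, full_name: str) -> str:
    """Build one world-readable line: user:encoded:full name."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    return f"{user}:{one_way(password)}:{full_name}"


def parse_entry(line: str):
    """Split a line into its three fields; the name may contain ':'."""
    user, stored, full_name = line.rstrip("\n").split(":", 2)
    return user, stored, full_name


def check_login(passwd_lines, user: str, attempt: str) -> bool:
    """Validate a login without ever storing or decrypting a password."""
    candidate = one_way(attempt)  # computed even for unknown users
    for line in passwd_lines:
        name, stored, _ = parse_entry(line)
        if name == user:
            # Constant-time comparison avoids leaking how many
            # leading characters of the stored value matched.
            return hmac.compare_digest(stored, candidate)
    return False


# Constructed sample file, using the user and password from the text.
PASSWD_FILE = [make_entry("buz", "xyzzy", "Robert Uzgalis")]

if __name__ == "__main__":
    print(PASSWD_FILE[0])
    print(check_login(PASSWD_FILE, "buz", "xyzzy"))   # correct password
    print(check_login(PASSWD_FILE, "buz", "plugh"))   # wrong password
```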