Join Log in
Score:3
ahron avatar Crypto

How is the Unix / PostgreSQL crypt function a trapdoor function?

sl flag
ahron

I am looking at this in the context of password hashing in PostgreSQL, specifically, the crypt function of the pgcrypto extension.

The PostgreSQL documentation refers to the Unix man page of the crypt function. The man page (man 3 crypt) of the crypt function states that it performs Trapdoor encryption. Now a trapdoor function should

  1. Be easy to compute in one direction - this I understand.
  2. Be hard to compute in the other direction - this I also understand
  3. Be easy to compute in the other direction if one knows the 'trapdoor' value - I don't understand if/how one might be able to get this value.

I know how to generate a hash, but how might I be able to get the trapdoor value to compute back the original password? Or are the algorithms written in a way so as to discard the trapdoor value?

It did not make sense to ask this in the dba.stackexchange community, as that's primarily about database design and related topics.

Edit/update - Only the BSD man page for crypt states it is a Trapdoor function. The Linux man page states no such thing.

181
1 + 0
Score:2
fgrieu avatar Crypto
ng flag
fgrieu

TLDR: crypt is not a trapdoor function.

crypt does not meet the question's condition 3. It does not apply a trapdoor function, which the question defines correctly at some level of detail. Whether crypt "performs Trapdoor encryption" depends on the definition given to this. I would not say that.

The cryptographic functions used by crypt nowadays are called [key-stretching | purposely slow] [password-based] hash. On top of this it's also memory-hard when it uses scrypt or Argon2.

+ 1
ahron avatar
sl flag
ahron
Thanks. The [BSD man page for `crypt`](https://www.freebsd.org/cgi/man.cgi?crypt(3)) says Trapdoor in the description. On Ubuntu Linux, it only says passphrase hashing.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.