sslug-teknik team mailing list archive

RE: MD5 crypt

 

> If you have a RedHat system where shadow and md5 crypt are enabled,
> it would be nice if you could encrypt passwords yourself, so that
> they fit the md5 password system.

Hmmm, I can probably modify my previously posted "passcrypt.c" program to
handle MD5 as well. I'll take a look at it once I've had some sleep.

> crypt(3) is apparently the old DES encryption. If you run
> ldd `which passwd` you get a reference to libcrypt.so.
> But I can only find header files for crypt, not for md5_crypt.

If you have Glibc-2.1.x then you have MD5 encryption and probably DES as
well (not entirely certain, but you most likely have it).

What does 'man 3 crypt' say?

If it mentions MD5, then you are all set, but if, like on my
Slackware 7.0, it only talks about DES, then you will probably have to go
and find some updated documentation.

---SNIP from crypt.texi
The @var{salt} parameter does two things.  Firstly, it selects which
algorithm is used, the MD5-based one or the DES-based one.  Secondly, it
makes life harder for someone trying to guess passwords against a file
containing many passwords; without a @var{salt}, an intruder can make a
guess, run @code{crypt} on it once, and compare the result with all the
passwords.  With a @var{salt}, the intruder must run @code{crypt} once
for each different salt.

For the MD5-based algorithm, the @var{salt} should consist of the string
@code{$1$}, followed by up to 8 characters, terminated by either
another @code{$} or the end of the string.  The result of @code{crypt}
will be the @var{salt}, followed by a @code{$} if the salt didn't end
with one, followed by 22 characters from the alphabet
@code{./0-9A-Za-z}, up to 34 characters total.  Every character in the
@var{key} is significant.

For the DES-based algorithm, the @var{salt} should consist of two
characters from the alphabet @code{./0-9A-Za-z}, and the result of
@code{crypt} will be those two characters followed by 11 more from the
same alphabet, 13 in total.  Only the first 8 characters in the
@var{key} are significant.  If the @code{crypt} add-on is not installed,
trying to use the DES-based algorithm will return an empty string and
set @code{errno} to @code{EOPNOTSUPP}.
---SNIP

So it is your salt that determines which encryption system is used. You
can write an encryption program yourself fairly easily (if you know a bit of
C :)), but otherwise my previously posted program can probably be modified.

Best regards,

        Emil S Hansen
        laven.data@xxxxxxxx
        UIN: 15749535 & 45621049

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED d- s+:- a-- C++ UL++++ P+ L+++ E W++ N++ o K- w+ O- M-- V- PS+ PE-- Y+
PGP+ t- 5+ X++ R* tv- b++ DI++ D++
G e h r y+
------END GEEK CODE BLOCK------
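
The salt and result formats from the crypt.texi excerpt above, as an added example (not part of the original post and not the "passcrypt.c" program it mentions): C code that builds the `$1$` salt string for the MD5-based algorithm and classifies a stored hash as MD5- or DES-based by its shape, which is how you would spot entries where only the first 8 key characters count. The function names and sample strings are constructed for illustration, and restricting salt characters to the `./0-9A-Za-z` alphabet is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet named in the crypt.texi excerpt: ./0-9A-Za-z */
static const char ALPHA[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

enum scheme { SCHEME_UNKNOWN, SCHEME_DES, SCHEME_MD5 };

/* Build "$1$<salt>$" from raw salt characters, keeping at most 8.
 * Restricting the salt to ALPHA is this example's choice (assumption).
 * Returns 0 on success, -1 on an empty salt or a too-short buffer. */
int make_md5_setting(const char *raw, char *out, size_t outlen)
{
    size_t n = strspn(raw, ALPHA);
    if (n > 8) n = 8;
    if (n == 0 || outlen < n + 5) return -1;   /* "$1$" + salt + "$" + NUL */
    snprintf(out, outlen, "$1$%.*s$", (int)n, raw);
    return 0;
}

/* Classify a stored hash by the shapes the excerpt describes. */
enum scheme classify_hash(const char *h)
{
    size_t len = strlen(h);
    if (strncmp(h, "$1$", 3) == 0) {
        size_t salt = strcspn(h + 3, "$");     /* salt runs to the next '$' */
        const char *digest = h + 3 + salt;
        if (salt > 8 || *digest != '$') return SCHEME_UNKNOWN;
        digest++;
        if (len <= 34 && strlen(digest) == 22 && strspn(digest, ALPHA) == 22)
            return SCHEME_MD5;                 /* 22 chars, 34 total at most */
        return SCHEME_UNKNOWN;
    }
    /* DES-based: 2 salt chars + 11 more, 13 in total, all from ALPHA */
    if (len == 13 && strspn(h, ALPHA) == 13) return SCHEME_DES;
    return SCHEME_UNKNOWN;
}

int main(void)
{
    /* Constructed strings with the right shape; not real password hashes. */
    const char *samples[] = { "$1$saltsalt$0123456789abcdefghijkl",
                              "ab0123456789.",
                              "$1$toolongsalt$0123456789abcdefghijkl" };
    static const char *names[] = { "unknown", "DES", "MD5" };
    for (size_t i = 0; i < 3; i++)
        printf("%-40s %s\n", samples[i], names[classify_hash(samples[i])]);
    return 0;
}
```

The string produced by `make_md5_setting` is what would be passed as the salt argument to `crypt`; the example does not call `crypt` itself, so it needs no libcrypt at link time.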