SUMMARY: Solaris 9 /etc/shadow file, MD5 problem.

From: Stanley Laufer (slaufer_at_slis.sjsu.edu)
Date: 02/01/05

Next message: Jagga Soorma: "LD_LIBRARY_PATH Issue"

Previous message: Tom Grassia: "SUMMARY: Attaching a D1000 to a U2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 31 Jan 2005 17:32:44 -0800 (PST)
To: sunmanagers@sunmanagers.org

Hi All,

Thank you, thank you to all who replied, since a number
of the suggestions led me in the right direction.

The consensus was that the $ indicated that the password
was encrypted using a newer encryption algorithm (most likely
MD5).

Although interestingly, the problematic /etc/shadow passwords
only had a "$1" at the beginning, instead of "$1$".

"$1$" appears to be the more common way to denote that the
entry is in MD5 encryption. So, I'm not sure what that's
all about.

In any case, I eventually had the thought that perhaps a
recent patch had "broken" MD5. After all, some of these MD5
passwords have been around for many months, and we have never
before had a problem.

So, on that hunch, I tracked down patch 112874-30 and uninstalled
it, and lo and behold, the MD5 password problem went away.

Several of you also indicated that I could force Sol 9 to
only use the standard UNIX DES encryption by removing MD5,
Blowfish, and Sun MD5 from CRYPT_ALGORITHMS_ALLOW in policy.conf.

I'll keep that on the back burner in case we decide to go
one way or the other (completely back to DES or completely
forward to MD5 or Blowfish).

The bottom line is that I should have done my homework when
Solaris 9 came out. I did not realize that support for
additional encryption algorithms had been added.

Thanks again for all of your responses. This forum has
been quite helpful over the years, and I'm sure it will
remain so for years to come.

Stanley E. Laufer
Network Administrator
School of Library and Information Science
San Jose State University
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Next message: Jagga Soorma: "LD_LIBRARY_PATH Issue"

Previous message: Tom Grassia: "SUMMARY: Attaching a D1000 to a U2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: import passwd file from different UNIX
... >> Blowfish scheme used by OpenBSD, ... encryption algorithm, such as MD5 or Blowfish, by changing the default ... password encryption algorithm. ... MD5 as algorithms to encrypt your passwords. ...
(comp.unix.solaris)
Re: C# Equivalent of C++ MD5 Algorith
... your original post said you were looking for an MD5 Hash. ... Co-founder, Eggheadcafe.com developer portal: ... The problem is that the C++ encryption generates 110 ...
(microsoft.public.dotnet.languages.csharp)
Re: Need strong crypto for sending my password via sockets.
... MD5 and Blowfish are indeed free, but MD5 is not an encryption algorithm ... it is a disgest (hash) algorithm. ... Server crypts it's own copy of password ...
(microsoft.public.vc.mfc)
Re: password length
... ]>]The short answer is "Different encryption ... ]>based hash, 128 bits in the case of the MD5 based hash. ... ]>Ie, the password algorithms are not encryptions, they are hashes. ...
(alt.os.linux.suse)
Re: incremental MD5 ?
... and i'm trying MD5 encryption, the original data is quite big and MD5 ... Hash the book to get the book hash ... Hash all the shelf hashes in a column to get the column hash ...
(sci.crypt)