Re: Unix Password Encryption Procedures

From: Stachu 'Dozzie' K. (
Date: 09/28/04

  • Next message: Kushal Agarwal: "Get Unix Groups"
    Date: Mon, 27 Sep 2004 22:42:39 +0000 (UTC)

    On 2004-09-27, Kushal Agarwal wrote:
    > I know that most Unix machines either use the DES encryption algorithm
    > or the MD5 encryption algorithm, I am wondering if there is any
    > flavour of unix which uses the kerberos (or any other) methodology?
    > Additionally, I know that the function crypt() is able to encrypt using
    > either the DES or the MD5 algorithm, depending on the salt supplied
    > with the function. I am curious as to given an encrypted string, is
    > there any "clean" (via a function(s)) way to determine what method was
    > used to encrypt the original string. I need to know how the original
    > string was encrypted so that I can use the same procedure to encrypt
    > the entered string (so that I may compare the stored and entered
    > strings).

    Yep. You're right, there is one simple method. Look at this:

    [dozzie%dynamit dozzie]$ perl -le 'print crypt "supersecretpassword", "salt"'
    [dozzie%dynamit dozzie]$ perl -le 'print crypt "supersecretpassword", q"$1$salt"'

    The first password simply has the two-letter salt prepended to the
    DES-encrypted password string. Note that the salt can't contain a '$'
    sign. The second password has the $1$<here-salt>$ string prepended.
    The "$1$" is the way to determine which algorithm was used.

    "man 3 crypt" command should tell you the rest.

    Stanislaw Klekot
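
The prefix check described in the reply, together with the comparison the original question asks about, as an added example that is not part of the original post. The helper names `crypt_scheme` and `check_password` are hypothetical, the password is a constructed sample, and the classifier goes slightly beyond the post by reporting any other "$id$" prefix generically. It assumes the system's crypt(3) accepts both DES and MD5 settings.

```perl
#!/usr/bin/perl
# Added example, not from the original post.
use strict;
use warnings;

# Classify a stored crypt(3) string by its prefix.
sub crypt_scheme {
    my ($stored) = @_;
    # "$1$" + up to 8 salt characters + "$" + 22 hash characters
    return 'md5' if $stored =~ m{\A\$1\$[^\$]{0,8}\$[./0-9A-Za-z]{22}\z};
    # any other "$id$..." string: report the id instead of guessing
    return "modular id $1" if $stored =~ m{\A\$([^\$]+)\$};
    # traditional DES: 2 salt characters + 11 hash characters, no '$'
    return 'des' if $stored =~ m{\A[./0-9A-Za-z]{13}\z};
    return 'unknown';
}

# Verify an entered password. Passing the whole stored string as the
# salt argument lets crypt() pick the algorithm and salt by itself.
sub check_password {
    my ($entered, $stored) = @_;
    # locked ("*", "!") or malformed entries must never match
    return 0 if crypt_scheme($stored) eq 'unknown';
    my $candidate = crypt($entered, $stored);
    # crypt() may fail if the platform does not support the scheme
    return 0 unless defined $candidate;
    return $candidate eq $stored ? 1 : 0;
}

my $password = 'supersecretpassword';    # constructed sample value
for my $setting ('salt', '$1$salt') {    # the two settings from the post
    my $stored = crypt($password, $setting);
    unless (defined $stored) {
        print "crypt() on this system rejects setting '$setting'\n";
        next;
    }
    printf "%-4s correct=%d wrong=%d\n",
        crypt_scheme($stored),
        check_password($password, $stored),
        check_password('wrong guess', $stored);
}

# An entry that is not a valid hash is rejected before crypt() is called.
printf "%-4s correct=%d\n", 'lock', check_password($password, '*');
```

Because the stored string carries its own scheme marker and salt, the classifier is needed only for reporting or policy checks, not for the comparison itself.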
