Re: Unix Password Encryption Procedures
From: Stachu 'Dozzie' K. (cut-to-last-hypen-dozzie_at_dynamit.im.pwr.wroc.pl)
Date: Mon, 27 Sep 2004 22:42:39 +0000 (UTC)
On 2004-09-27, Kushal Agarwal wrote:
> I know that most Unix machines either use the DES encryption algorithm
> or the MD5 encryption algorithm, I am wondering if there is any
> flavour of unix which uses the kerberos (or anyother) methodology?
> Additonally, I know that the function crypt() is able to encrypt using
> either the DES or the MD5 algorithm, depending on the salt supplied
> with the function. I am curious as to given an encrypted string, is
> there any "clean" (via a function(s)) way to determine what method was
> used to encrypt the original string. I need to know how the original
> string was encrypted so that I can use the same procedure to encrypt
> the entered string (so that I may compare the stored and entered
Yeap. You're right, there is one simple method. Look at this:
[dozzie%dynamit dozzie]$ perl -le 'print crypt "supersecretpassword", "salt"'
[dozzie%dynamit dozzie]$ perl -le 'print crypt "supersecretpassword", q"$1$salt"'
First password has simply two-letter salt prepended to DES-encrypted
password string. Note that salt can't have '$' sign. Second password
prepended $1$<here-salt>$ string. The "$1$" is the way to determine
which algorithm was used.
"man 3 crypt" command should tell you the rest.
-- Stanislaw Klekot