Re: Unix Password Encryption Procedures

From: Stachu 'Dozzie' K. (cut-to-last-hypen-dozzie_at_dynamit.im.pwr.wroc.pl)
Date: 09/28/04

  • Next message: Kushal Agarwal: "Get Unix Groups"
    Date: Mon, 27 Sep 2004 22:42:39 +0000 (UTC)
    
    

    On 2004-09-27, Kushal Agarwal wrote:
    > I know that most Unix machines either use the DES encryption algorithm
    > or the MD5 encryption algorithm, I am wondering if there is any
    > flavour of unix which uses the kerberos (or anyother) methodology?
    >
    > Additonally, I know that the function crypt() is able to encrypt using
    > either the DES or the MD5 algorithm, depending on the salt supplied
    > with the function. I am curious as to given an encrypted string, is
    > there any "clean" (via a function(s)) way to determine what method was
    > used to encrypt the original string. I need to know how the original
    > string was encrypted so that I can use the same procedure to encrypt
    > the entered string (so that I may compare the stored and entered
    > strings).

    Yeap. You're right, there is one simple method. Look at this:

    #v+
    [dozzie%dynamit dozzie]$ perl -le 'print crypt "supersecretpassword", "salt"'
    saUkChKIZTKFs
    [dozzie%dynamit dozzie]$ perl -le 'print crypt "supersecretpassword", q"$1$salt"'
    $1$salt$ZGs1yAb55Neu4Xn5asyQI.
    #v-

    First password has simply two-letter salt prepended to DES-encrypted
    password string. Note that salt can't have '$' sign. Second password
    prepended $1$<here-salt>$ string. The "$1$" is the way to determine
    which algorithm was used.

    "man 3 crypt" command should tell you the rest.

    -- 
    Stanislaw Klekot
    

  • Next message: Kushal Agarwal: "Get Unix Groups"