Bugtraq mailing list archives

Re: passwd hashing algorithm

From: pcl () foo oucs ox ac uk (Paul C Leyland)
Date: Thu, 20 Apr 1995 12:29:46 +0100


"David A. Wagner" <dawagner () phoenix Princeton EDU> wrote:

1. 25 iterations of DES with the first 8 bytes of the
   password as key, followed by 25 iterations of DES
   with the second 8 bytes of password as key.


You've obviously got something else in mind.  By all means, please tell 
me how you're going to do it in 2^32 DES steps (still 2^35 (32 GB) bytes of 
storage, a non-trivial sum.)  Details and crypto-babble welcome:)


Ok, here's the explanation.  I'd love to hear feedback about
whether this is on charter for bugtraq; if it's not, email me
and I'll avoid spamming y'all in the future.


Likewise, if the appended source code for my re-implementation of
DEC's buggy crypt16() is unacceptable.

I'm interested in hearing more information about the
OSF/1 or Ultrix hash function -- is there any place where
I can get source or anything?  I have access to one OSF/1
box, but it doesn't have any man pages or anything on a
crypt16().


Below is the stuff I wrote for Michael Glad's UFC to implement
crypt16().  If you need more context, you'll need to get hold of UFC
from your favourite crypto archive.

Unfortunately, I've lost my re-discovery of the OSF/1 bigcrypt()
algorithm.  DEC are *very* reticent about letting details out and its
documentation is virtually non-existent.  However, examination of the
contents of /tcb/files/auth/p/pcl as I changed my password, together
with a few astute guesses, was all that were required.

If I find the bigcrypt() code again, I'll post it.

Paul

8<---------------------------Snipped from UFC----------------------->8

/* 
 * Ultrix crypt16 function, thanks to pcl () convex oxford ac uk (Paul Leyland)
 */
   
char *crypt16(key, salt)
  char *key, *salt;
  { ufc_long *s, *t;
    char ktab[9], ttab[9];
    static char q[14], res[25];
    /*
     * Hack DES tables according to salt
     */
    setup_salt(salt);
    
    /*
     * Setup key schedule
     */
    clearmem(ktab, sizeof ktab);
    (void)strncpy(ktab, key, 8);
    ufc_mk_keytab(ktab);
    
    /*
     * Go for first 20 DES encryptions
     */
    s = _ufc_doit((ufc_long)0, (ufc_long)0, 
                  (ufc_long)0, (ufc_long)0, (ufc_long)20);
    
    /*
     * And convert back to 6 bit ASCII
     */
    strcpy (res, output_conversion(s[0], s[1], salt));
    
    clearmem(ttab, sizeof ttab);
    if (strlen (key) > 8) (void)strncpy(ttab, key+8, 8);
    ufc_mk_keytab(ttab);
    
    /*
     * Go for second 5 DES encryptions
     */
    t = _ufc_doit((ufc_long)0, (ufc_long)0, 
                  (ufc_long)0, (ufc_long)0, (ufc_long)5);
    /*
     * And convert back to 6 bit ASCII
     */
    strcpy (q, output_conversion(t[0], t[1], salt));
    strcpy (res+13, q+2);
    
    clearmem(ktab, sizeof ktab);
    (void)strncpy(ktab, key, 8);
    ufc_mk_keytab(ktab);
    
    return res;
  }

Current thread:

Re: passwd hashing algorithm, (continued)
- - - Re: passwd hashing algorithm John F. Haugh II (Apr 23)
    - RE: virus Erich W. Gunther (Apr 23)
    - Re: passwd hashing algorithm David Miller (Apr 19)
    - Re: passwd hashing algorithm David A. Wagner (Apr 19)
    - Re: passwd hashing algorithm John F. Haugh II (Apr 21)
    - AntiFlash talkd Richard Allen (Apr 19)
    - Re: AntiFlash talkd James M. Golovich (Apr 19)
    - Password Storage as Environment Variable Bill Bradley (Apr 19)
- Re: passwd hashing algorithm John Adams (Apr 17)
- Re: passwd hashing algorithm Paul C Leyland (Apr 19)
- Re: passwd hashing algorithm Paul C Leyland (Apr 20)
  - Re: passwd hashing algorithm John F. Haugh II (Apr 23)
  - Re: passwd hashing algorithm Marek Michalkiewicz (Apr 24)
- Re: passwd hashing algorithm Paul C Leyland (Apr 21)
- Re: passwd hashing algorithm Pete Hartman (Apr 24)