Bugtraq mailing list archives
Re: Digital Unix 4 protected password database.
From: Alec.Muffett () UK SUN COM (Alec Muffett)
Date: Tue, 16 Mar 1999 22:43:56 +0000
if (!strncmp(plaintext, ciphertext), ciphertext), 13) {Could you fix those lines? I'm a bit confused. :) Do you mean if (!strncmp(plaintext, ciphertext, 13)) {
It's part and parcel of a typo; apologies, I am suffering the after effects of having bought my first home, unpacked myself, and am completely pooped. Attached is the correction I sent to the first person who pointed it out. - alec ------------------------------------------------------------------ To: Nate Lawson <nate () root org> Subject: Re: Digital Unix 4 protected password database. Date: Tue, 16 Mar 1999 12:20:59 +0000 From: Alec Muffett <alecm@wmp-home>
if (!strcmp(plaintext, ciphertext), ciphertext)) {I'm not sure I understand your code example. Did you mean to say crypt(plaintext, salt) somewhere in there?
Oops - typo: Should read: if (!strcmp(crypt(plaintext, ciphertext), ciphertext)) { It is an old programmer mantra; since the salt is stored as the first two (or, generalised for new crypt() replacements, the first "N") characters of the ciphertext, then the ciphertext string *itself* can be passed in as the salt string, and the algorithm expected to extract what it needs. The joy of this mantra is that it is portable to newer crypt replacements which have ciphertexts that look *something* like this in the password file: root:$x$saltstring$resultingciphertexthash:0:0:Root User:/sbin/sh: ...where the "$" characters are used to delimit the arbitrary field lengths that are used, and the "x" is a integer or string mapping to an algorithm (MD5, SHA-1, some local variant) which the crypt() front-end can switch on, so you can have several different algorithms running in the same password file. If the first char of the pw_passwd field is *not* "$" then the crypt() frontend assumes that it is dealing with a traditional crypt() algorithm. Neat, huh? This should also illustrate how my poke-hack worked, if you think about it. - alec ps: you think I should post this to BUGTRAQ as a wider explanation? -- alec muffett, sun professional services, alec.muffett @ uk.sun.com anything of importance in your life happened about 10 years ago - atx
Current thread:
- Re: Digital Unix 4 protected password database. Darren J Moffat - Enterprise Services OS Product Support Group (Mar 10)
- <Possible follow-ups>
- Re: Digital Unix 4 protected password database. der Mouse (Mar 10)
- New Security Vulnerability in WinNT Alexandre Stervinou (Mar 12)
- Re: Digital Unix 4 protected password database. Tim Pierce (Mar 12)
- Re: Digital Unix 4 protected password database. Nate Lawson (Mar 12)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 15)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 16)