Bugtraq mailing list archives
Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability
From: Tyler Walden <twalden () aa net>
Date: Fri, 8 Jun 2001 16:27:36 -0700 (PDT)
For those interested here is perl program to generate Crypt-PW's with a propper salt. #!/usr/bin/perl $salt=salt(); print "password encryptee, [CTRL]-D quits.\n"; while (<STDIN>) { chop; $text=crypt($_,$salt); print $text."\n"; } sub salt { local($salt); local($i, $rand); local(@itoa64) = ( 0 .. 9, a .. z, A .. Z ); # 0 .. 63 # to64 for ($i = 0; $i < 8; $i++) { srand(time + $rand + $$); $rand = rand(25*29*17 + $rand); $salt .= $itoa64[$rand & $#itoa64]; } return $salt; } Tyler Walden - twalden () aa net Alternate Access http://www.aa.net Network Operations - noc () aa net On Fri, 8 Jun 2001 aleph1 () securityfocus com wrote:
This is a very old problem. See http://www.securityfocus.com/archive/1/5494 (1996) http://www.securityfocus.com/archive/1/34191 (1999) NSI obviously does not care much about the security. I haven't been able to get PGP authentication working in months. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
Current thread:
- Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 08)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability aleph1 (Jun 08)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Tyler Walden (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Barney Wolff (Jun 11)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Tyler Walden (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Chris Adams (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Len Sassaman (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter W (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter van Dijk (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Wichert Akkerman (Jun 11)
- <Possible follow-ups>
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability jkohl (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability aleph1 (Jun 08)