Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

From: Tyler Walden <twalden () aa net>
Date: Fri, 8 Jun 2001 16:27:36 -0700 (PDT)

For those interested here is perl program to generate Crypt-PW's with a
propper salt.

#!/usr/bin/perl

$salt=salt();
print "password encryptee, [CTRL]-D quits.\n";
while (<STDIN>) {
chop;
$text=crypt($_,$salt);
print $text."\n";
}

sub salt {
  local($salt);
  local($i, $rand);
  local(@itoa64) = ( 0 .. 9, a .. z, A .. Z ); # 0 .. 63   # to64
  for ($i = 0; $i < 8; $i++) {
    srand(time + $rand + $$);
    $rand  = rand(25*29*17 + $rand);
    $salt .= $itoa64[$rand & $#itoa64];
  }
  return $salt;
}

Tyler Walden - twalden () aa net
Alternate Access http://www.aa.net
Network Operations - noc () aa net

On Fri, 8 Jun 2001 aleph1 () securityfocus com wrote:


This is a very old problem. See
http://www.securityfocus.com/archive/1/5494  (1996)
http://www.securityfocus.com/archive/1/34191 (1999)

NSI obviously does not care much about the security. I haven't been
able to get PGP authentication working in months.
-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
Previous By Date Next
Previous By Thread Next

Current thread: