Re: Digital Unix 4 protected password database.

From: Alec Muffett (Alec.Muffettat_private)
Date: Tue Mar 16 1999 - 14:43:56 PST


    >> 	if (!strncmp(plaintext, ciphertext), ciphertext), 13) {
    >
    >Could you fix those lines?  I'm a bit confused.  :)  Do you mean
    >
    >	if (!strncmp(plaintext, ciphertext, 13)) {
    
    It's part and parcel of a typo; apologies, I am suffering the after
    effects of having bought my first home, unpacked myself, and am
    completely pooped.  Attached is the correction I sent to the first
    person who pointed it out.
    
    	- alec
    
    ------------------------------------------------------------------
    
     To: Nate Lawson <nateat_private>
     Subject: Re: Digital Unix 4 protected password database.
     Date: Tue, 16 Mar 1999 12:20:59 +0000
     From: Alec Muffett <alecm@wmp-home>
    
     >> 	if (!strcmp(plaintext, ciphertext), ciphertext)) {
     >
     >I'm not sure I understand your code example.  Did you mean to say
     >crypt(plaintext, salt) somewhere in there?
    
     Oops - typo:  Should read:
    
     	if (!strcmp(crypt(plaintext, ciphertext), ciphertext)) {
    
     It is an old programmer mantra; since the salt is stored as the first two (or,
     generalised for new crypt() replacements, the first "N") characters of the
     ciphertext, then the ciphertext string *itself* can be passed in as the salt
     string, and the algorithm expected to extract what it needs.
    
     The joy of this mantra is that it is portable to newer crypt replacements
     which have ciphertexts that look *something* like this in the password file:
    
     	root:$x$saltstring$resultingciphertexthash:0:0:Root User:/sbin/sh:
    
     ...where the "$" characters are used to delimit the arbitrary field lengths
     that are used, and the "x" is an integer or string mapping to an
     algorithm (MD5, SHA-1, some local variant) which the crypt() front-end can
     switch on, so you can have several different algorithms running in the same
     password file.
    
     If the first char of the pw_passwd field is *not* "$" then the crypt()
     frontend assumes that it is dealing with a traditional crypt() algorithm.
    
     Neat, huh?
    
     This should also illustrate how my poke-hack worked, if you think about it.
    
     	- alec
    
     ps: you think I should post this to BUGTRAQ as a wider explanation?
    
     --
            alec muffett, sun professional services, alec.muffett @ uk.sun.com
          anything of importance in your life happened about 10 years ago - atx
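
Added example, not part of the original message: a C sketch of how a crypt() front end can pull the algorithm tag and salt out of whatever string it is handed, so that the stored ciphertext works as the salt argument. The names `struct setting`, `parse_setting` and `same_setting` are hypothetical, the field sizes are assumptions, and the sample fields are constructed.

```c
#include <stdio.h>
#include <string.h>

struct setting {      /* hypothetical parsed view of the "salt" argument */
    char scheme[16];  /* the "x" in $x$...; empty means traditional crypt() */
    char salt[32];    /* salt characters only */
};

/* Split a pw_passwd field, or a bare salt, into scheme and salt.
 * Returns 0 on success, -1 if malformed; an empty salt counts as malformed here. */
int parse_setting(const char *stored, struct setting *out)
{
    memset(out, 0, sizeof *out);
    if (stored[0] != '$') {            /* traditional: salt is the first two chars */
        if (strlen(stored) < 2) return -1;
        memcpy(out->salt, stored, 2);
        return 0;
    }
    const char *id = stored + 1, *id_end = strchr(id, '$');
    if (!id_end || id_end == id || (size_t)(id_end - id) >= sizeof out->scheme)
        return -1;
    memcpy(out->scheme, id, (size_t)(id_end - id));
    size_t n = strcspn(id_end + 1, "$");   /* salt stops at the next '$' or at NUL */
    if (n == 0 || n >= sizeof out->salt) return -1;
    memcpy(out->salt, id_end + 1, n);
    return 0;
}

/* Nonzero when both strings select the same algorithm and salt, which is why
 * passing the stored ciphertext as the salt reproduces the original hash. */
int same_setting(const char *a, const char *b)
{
    struct setting sa, sb;
    if (parse_setting(a, &sa) || parse_setting(b, &sb)) return 0;
    return !strcmp(sa.scheme, sb.scheme) && !strcmp(sa.salt, sb.salt);
}

int main(void)
{
    /* Constructed sample fields; the hash portions are placeholders. */
    const char *f[] = { "abJnggxhB/yJU", "$x$saltstring$resultingciphertexthash", "$x$", "a" };
    struct setting s;
    for (size_t i = 0; i < sizeof f / sizeof f[0]; i++) {
        if (parse_setting(f[i], &s) == 0)
            printf("%-38s scheme=\"%s\" salt=\"%s\"\n", f[i], s.scheme, s.salt);
        else printf("%-38s malformed\n", f[i]);
    }
    return 0;
}
```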
    


