[9938] in bugtraq
Re: Digital Unix 4 protected password database.
daemon@ATHENA.MIT.EDU (Alec Muffett)
Wed Mar 17 01:25:44 1999
Date: Tue, 16 Mar 1999 22:43:56 +0000
Reply-To: Alec Muffett <Alec.Muffett@UK.SUN.COM>
From: Alec Muffett <Alec.Muffett@UK.SUN.COM>
X-To: Jim Paris <jim@jtan.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 16 Mar 1999 17:34:24 EST."
<199903162234.RAA06103@io.jtan.com>
>> if (!strncmp(plaintext, ciphertext), ciphertext), 13) {
>
>Could you fix those lines? I'm a bit confused. :) Do you mean
>
> if (!strncmp(plaintext, ciphertext, 13)) {

It's part and parcel of a typo; apologies, I am suffering the after
effects of having bought my first home, unpacked myself, and am
completely pooped. Attached is the correction I sent to the first
person who pointed it out.

- alec
------------------------------------------------------------------
To: Nate Lawson <nate@root.org>
Subject: Re: Digital Unix 4 protected password database.
Date: Tue, 16 Mar 1999 12:20:59 +0000
From: Alec Muffett <alecm@wmp-home>
>> if (!strcmp(plaintext, ciphertext), ciphertext)) {
>
>I'm not sure I understand your code example. Did you mean to say
>crypt(plaintext, salt) somewhere in there?

Oops - typo: Should read:

    if (!strcmp(crypt(plaintext, ciphertext), ciphertext)) {

It is an old programmer mantra; since the salt is stored as the first two (or,
generalised for new crypt() replacements, the first "N") characters of the
ciphertext, then the ciphertext string *itself* can be passed in as the salt
string, and the algorithm expected to extract what it needs.

The joy of this mantra is that it is portable to newer crypt replacements
which have ciphertexts that look *something* like this in the password file:

    root:$x$saltstring$resultingciphertexthash:0:0:Root User:/sbin/sh:

...where the "$" characters are used to delimit the arbitrary field lengths
that are used, and the "x" is an integer or string mapping to an
algorithm (MD5, SHA-1, some local variant) which the crypt() front-end can
switch on, so you can have several different algorithms running in the same
password file.

If the first char of the pw_passwd field is *not* "$" then the crypt()
frontend assumes that it is dealing with a traditional crypt() algorithm.

Neat, huh?

This should also illustrate how my poke-hack worked, if you think about it.

- alec
ps: you think I should post this to BUGTRAQ as a wider explanation?
--
alec muffett, sun professional services, alec.muffett @ uk.sun.com
anything of importance in your life happened about 10 years ago - atx
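
The field parsing and the verification idiom described in the message above, as an added C example that is not part of the original post. The names `parse_pw_passwd`, `demo_crypt` and `check_password` are hypothetical, and `demo_crypt` is a constructed stand-in with the signature of crypt(3), not a real password hash, so the block runs without libcrypt.

```c
#include <stdio.h>
#include <string.h>

struct pw_fields {
    char scheme[16];  /* "x" in $x$salt$hash; empty means traditional crypt() */
    char salt[64];    /* salt recovered from the stored string itself */
};

/* Split a stored pw_passwd value as described above; 0 on success, -1 if malformed. */
int parse_pw_passwd(const char *stored, struct pw_fields *out)
{
    memset(out, 0, sizeof *out);
    if (stored[0] != '$') {              /* traditional: salt is the first two chars */
        if (strlen(stored) < 2) return -1;
        memcpy(out->salt, stored, 2);
        return 0;
    }
    const char *id = stored + 1, *id_end = strchr(id, '$');
    if (!id_end || id_end == id) return -1;
    const char *salt = id_end + 1, *salt_end = strchr(salt, '$');
    if (!salt_end) salt_end = salt + strlen(salt);   /* bare "$x$salt" setting */
    size_t id_len = (size_t)(id_end - id), salt_len = (size_t)(salt_end - salt);
    if (id_len >= sizeof out->scheme || salt_len >= sizeof out->salt) return -1;
    memcpy(out->scheme, id, id_len);
    memcpy(out->salt, salt, salt_len);
    return 0;
}

/* Constructed stand-in for crypt(3): NOT a real hash. It only shows the front-end
 * taking scheme and salt from `setting` and ignoring whatever follows them. */
char *demo_crypt(const char *key, const char *setting)
{
    static char buf[256];
    struct pw_fields f;
    unsigned long h = 5381;
    if (parse_pw_passwd(setting, &f) != 0) return NULL;
    for (const char *p = f.salt; *p; p++) h = h * 33 + (unsigned char)*p;
    for (const char *p = key; *p; p++) h = h * 33 + (unsigned char)*p;
    snprintf(buf, sizeof buf, f.scheme[0] ? "$%s$%s$%08lx" : "%s%s%08lx",
             f.scheme, f.salt, h & 0xffffffffUL);
    return buf;
}

/* The idiom from the message, plus a NULL check; returns 1 on match, 0 otherwise. */
int check_password(char *(*do_crypt)(const char *, const char *),
                   const char *plaintext, const char *stored)
{
    const char *computed = do_crypt(plaintext, stored);
    return computed != NULL && strcmp(computed, stored) == 0;
}
```

On a system that provides it, the real crypt() can be passed as the first argument to `check_password`. crypt() may return NULL on failure, which the bare strcmp() form would dereference.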