Date: Fri, 19 Jan 2007 13:38:44 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: OpenUnix 8 hash format is not the normal DES? On Thu, Jan 18, 2007 at 11:44:33PM -0300, Danett song wrote: > So now, nothing make sense, it appear to have other password file (/etc/defaults/ia/master) however it have a own format, the shadow have only DES format hashs, the program using getpwent() and getspnam() return hash exactly as in shadow file (DES format), and the system in some fashion is able to recoganize passwords with 8, 9, 10, 11 characters long via /bin/login, /bin/su, ... Well, all it means is that programs such as /bin/login and /bin/su use proprietary interfaces rather than getspnam(). Here are some ideas for what we may do: 1. Find out what those interfaces are and use them from our own program, similar to the one I had posted. 2. Learn the /etc/defaults/ia/master file format - just to the extent necessary to extract the usernames and full hashes - and parse this file with our own program, similar to unafs. 3. Intercept password hashes as /bin/su (or another native program) reads or uses them. For example, we may construct a preloadable library that would override crypt() or bigcrypt() and print out the second argument (the salt, assuming that the program actually passes the entire hash, which is a common practice). We may also create a script that would invoke /bin/su for all usernames found in /etc/passwd and pass some wrong password in response to the prompt, just to trigger crypt() or bigcrypt() calls with all hashes. P.S. Please try to avoid quoting my entire messages below your signature. Also, there's no need to CC me on your replies - sending them to the list posting address is sufficient. Thanks, -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ