Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 18 Dec 2005 21:04:35 +0300
From: Solar Designer <>
Subject: Re: saltless passwords

On Sun, Dec 18, 2005 at 05:39:42PM +0000, Tavis Ormandy wrote:
> For some reason, possibly unintentionally, the `passwd` utility provided
> by busybox does not use a salt when the md5 algorithm is selected (the
> default). This results in encrypted password fields in the format:
> $1$$I2o9Z7NcvQAKp7wyCTlia0

This should be reported to busybox developers as a bug.

> this check from valid() in MD5_fmt.c seems to be responsible:
> if (!*pos || pos < &ciphertext[4] || pos > &ciphertext[11]) return 0;

In current versions of John the Ripper, this line reads:

	if (!*pos || pos < &ciphertext[3] || pos > &ciphertext[11]) return 0;

I've just made sure that 1.6.40 loads and cracks your sample password
file - it does.

> Unless there's a good reason for this check, as at least one passwd
> implementation in use doesnt seem to generate a salt, maybe this check
> should be removed?

It needed to be relaxed, not removed, and that had been done some years
ago (I don't remember when I did that exactly).

Hopefully, it won't take too long before I officially release 1.6.40+
as 1.7.


Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.