Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 19 Jan 2007 13:38:44 +0300
From: Solar Designer <>
Subject: Re: OpenUnix 8 hash format is not the normal DES?

On Thu, Jan 18, 2007 at 11:44:33PM -0300, Danett song wrote:
>   So now, nothing make sense, it appear to have other password file  (/etc/defaults/ia/master) however it have a own format, the shadow have  only DES format hashs, the program using getpwent() and getspnam()  return hash exactly as in shadow file (DES format), and the system in  some fashion is able to recoganize passwords with 8, 9, 10, 11  characters long via /bin/login, /bin/su, ... 

Well, all it means is that programs such as /bin/login and /bin/su use
proprietary interfaces rather than getspnam().  Here are some ideas for
what we may do:

1. Find out what those interfaces are and use them from our own program,
similar to the one I had posted.

2. Learn the /etc/defaults/ia/master file format - just to the extent
necessary to extract the usernames and full hashes - and parse this file
with our own program, similar to unafs.

3. Intercept password hashes as /bin/su (or another native program)
reads or uses them.  For example, we may construct a preloadable library
that would override crypt() or bigcrypt() and print out the second
argument (the salt, assuming that the program actually passes the entire
hash, which is a common practice).  We may also create a script that
would invoke /bin/su for all usernames found in /etc/passwd and pass
some wrong password in response to the prompt, just to trigger crypt()
or bigcrypt() calls with all hashes.

P.S. Please try to avoid quoting my entire messages below your signature.
Also, there's no need to CC me on your replies - sending them to the
list posting address is sufficient.


Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.