Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Mar 2008 09:53:46 -0600
From: RB <aoz.syn@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: How to determine # users with a shadow file

> I tried that initially but I have to count DES hashes as well, DES hashes do
>  not contain the $ symbol but are 13 characters long, so that's how I came up
>  with the 13 or 34 awk script.  I assume the 34 would catch all MD5 hashes?

Sorry, forgot about the old DES hashes.  Looks like 34 would catch
Linux MD5 hashes, but not Sun MD5, which are 37 characters, nor
OpenBSD Blowfish, which are 61 (SuSE or anything using pam_unix2 or
Openwall's TCB).  Since DES is mostly the exception here (no regular
leading signature), you may just want to deal with it separately,
i.e.:

awk -F: '((length($2)==13)||($2 ~ /^\$/)){print $0}' foo.txt

That would probably cover most signature possibilities you would
encounter in your given environment, allowing for some future
alteration.  It's still moderately brittle, but nothing short of
validating each string as a hash individually will be perfect (reading
DES_fmt.c shows the DES hash can also be 24 characters long).  IMO,
it's all about minimizing effort while maximizing throughput: if
you're sure you won't encounter any odd hashes or that it won't be the
end of the world if you do, stick with the length tests.

RB

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.