Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 20 Feb 2009 03:03:55 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: DES crypt hashes containing commas

On Wed, Feb 18, 2009 at 02:42:32AM -0600, Joshua J. Drake wrote:
> I was wondering if you could comment on the following code from
> DES_std.c:
> 
>         if (ciphertext[13]) return DES_atoi64[ARCH_INDEX(ciphertext[5])] |
>                 ((ARCH_WORD)DES_atoi64[ARCH_INDEX(ciphertext[6])] << 6) |
>                 ((ARCH_WORD)DES_atoi64[ARCH_INDEX(ciphertext[7])] << 12) |
>                 ((ARCH_WORD)DES_atoi64[ARCH_INDEX(ciphertext[8])] << 18);

This code is found in DES_raw_get_salt().  The code path above (the if
condition being true) is only triggered when used from BSDI_fmt.c, not
from DES_fmt.c, and it extracts the 24-bit salt.  You can see some
sample 20-character strings that this processes in BSDI_fmt.c.

> Specifically, what are these hashes with commas at the end, and what
> is the stuff after the commas for?  It looks like something salt and
> something rounds?

This question is unrelated to the code you have quoted.  There is a
check for a comma in DES_fmt.c: valid().  A valid 13-character string
may end in a NUL byte (which means that it occupied the password hash
field fully) or in a comma, which is also considered valid.  The comma
itself and any characters after it are then disregarded further in
valid() and in split().

When a comma is present, such as on some ancient systems, the characters
after it normally encode password aging data.  On modern systems, this
data is placed into separate fields in shadow files instead.

The ancient alt.2600/#hack FAQ describes the way password aging data was
being encoded in detail, see the answer to Section A, question 06 -
"What are those weird characters after the comma in my passwd file?"
It also gives a sample entry, but it's not a valid one, unfortunately.
I did see real ones (10+ years ago), and JtR worked with those fine.

http://www.ussrback.com/docs/ALT2600.TXT

I hope this satisfies your curiosity.

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.