[ale] Password hashes bent

Joe Steele joe at madewell.com
Tue Jul 25 20:09:07 EDT 2000


A little info:

There are two versions of crypt  -- the old version 
(before glibc-2) only used DES while the newer version 
can use DES or MD5.  The newer version will use MD5 if 
it is given a salt beginning with "$1$", otherwise it 
uses DES.  The MD5 result begins with "$1$" and is 
26-34 characters long (depending on the salt length).  
The DES result is 13 characters long.

Another twist is that glibc-2 doesn't include the DES 
capability except as an add-on.  Likewise, Slackware 
offers the DES-capable crypt package as an add-on (see http://www.slackware.com/packages/index.php3?version=7.1&series=des).  
Without it, only MD5-crypt is possible -- If the salt 
doesn't begin with "$1$", crypt returns with NULL and 
error code EOPNOTSUPP.

I don't know if any of this helps.  The obvious answer 
(which you apparently have eliminated) would be that if 
a program was linked to the older version of crypt (from 
libc5), then authentication would fail.  

--Joe

-----Original Message-----
From:	Joe Knapka [SMTP:jknapka at charter.net]
Sent:	Monday, July 24, 2000 8:07 PM
To:	ale at ale.org
Subject:	[ale] Password hashes bent

Hi, folks,

I just upgraded my masq firewall from Slackware 3.0 to Slack
7.1. Everything is basically working, but I have one very
bizarre problem: I can't log in to the machine using either
ssh or telnet anymore.

I saved the firewall rules and so forth from the previous
install, and they work (I'm sending this message from a
machine behind the firewall.) That's not the problem. After
pulling my hair out for a while, I ended up instrumenting
sshd to print the hashed password from the shadow password
file and the hashed password it gets by running crypt() on
the plain text password, and.... THEY'RE DIFFERENT! Which
is insane, because I can still login at the console without
any trouble, which means that -getty- is calling crypt() and
getting the right answer. It's almost as if sshd and getty
are calling different versions of crypt(). But I've verified
that getty and sshd are linked against the same version of
glibc, so I don't see how this is possible.

One thing that I notice is that the encrypted passwords in
the shadow password file are much longer than those yielded
by crypt() = something like 3 times as long.

Any ideas?

TIA,

-- Joe

-- 
*** Joe Knapka ***
I don't know anything about music.  In my line you don't have to.
		-- Elvis Presley
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
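Added example (not part of either message above): a small Python script that applies the format rules Joe Steele describes, so a defender checking a box like Joe Knapka's can tell a DES-crypt entry from an MD5-crypt entry, see which setting string a program must hand to crypt(3) to get a comparable result, and explain the "13 characters vs. 34 characters" mismatch. The sample hashes are constructed to have the right shape only (the MD5 digest characters are not a real digest of any password); the helper names are my own, and the optional verification step uses the standard-library crypt module, which is a wrapper around the platform's crypt(3) and is absent on Python 3.13 and later.

```python
import hmac
import re

# Constructed sample shadow-style entries (not real credentials):
# DES-crypt: 2-character salt + 11-character hash = 13 characters.
SAMPLE_DES = "abJnggxhB/yWI"
# MD5-crypt: "$1$" + salt (0-8 chars) + "$" + 22-character digest = 26..34 characters.
SAMPLE_MD5 = "$1$saltsalt$qjXMvbEw8oaL.CzflDtaK/"

_HASH64 = r"[./0-9A-Za-z]"


def classify_hash(stored):
    """Return 'md5crypt', 'des' or 'unknown' using the length/prefix rules
    described in the reply: "$1$" marks MD5-crypt, 13 plain chars mark DES."""
    if stored.startswith("$1$"):
        m = re.fullmatch(r"\$1\$(%s{0,8})\$(%s{22})" % (_HASH64, _HASH64), stored)
        return "md5crypt" if m else "unknown"
    if re.fullmatch(_HASH64 + "{13}", stored):
        return "des"
    return "unknown"


def salt_for_crypt(stored):
    """The setting string a caller must pass to crypt(3) so that its output
    is comparable with `stored`: the whole "$1$salt$" prefix for MD5-crypt,
    the first two characters for DES. (Passing the full stored hash works
    too; crypt() ignores the trailing digest characters.)"""
    kind = classify_hash(stored)
    if kind == "md5crypt":
        return stored[: stored.index("$", 3) + 1]
    if kind == "des":
        return stored[:2]
    raise ValueError("unrecognised hash format")


def naive_two_char_salt(stored):
    """What pre-MD5 code did unconditionally. For an MD5-crypt entry this
    yields "$1", which a DES-only crypt() treats as a DES salt."""
    return stored[:2]


def diagnose_mismatch(stored, computed):
    """Explain why a shadow entry and the value a program got back from
    crypt() differ, based only on their formats."""
    skind, ckind = classify_hash(stored), classify_hash(computed)
    if skind == "md5crypt" and ckind == "des":
        return ("program got a DES result for an MD5-crypt entry: it passed a "
                "salt without the $1$ prefix, or its crypt() is DES-only")
    if skind == "des" and ckind == "md5crypt":
        return "program asked for MD5-crypt but the stored entry is DES"
    if skind == ckind and skind != "unknown":
        return "same algorithm on both sides: wrong password or wrong salt"
    return "unrecognised format on at least one side"


def verify_password(plaintext, stored):
    """Check `plaintext` against a shadow entry via the platform crypt(3).
    Returns True/False, or None when no usable crypt is available: the
    module is missing, or crypt(3) lacks the algorithm the entry needs
    (a DES-less crypt fails with NULL/EOPNOTSUPP, as the reply notes)."""
    try:
        import crypt  # removed in Python 3.13; deprecated before that
    except ImportError:
        return None
    try:
        computed = crypt.crypt(plaintext, salt_for_crypt(stored))
    except OSError:
        return None
    if computed is None:
        return None
    # Constant-time comparison of the two hash strings.
    return hmac.compare_digest(computed, stored)


if __name__ == "__main__":
    for entry in (SAMPLE_DES, SAMPLE_MD5):
        print(len(entry), classify_hash(entry), "salt:", salt_for_crypt(entry))
    print(diagnose_mismatch(SAMPLE_MD5, SAMPLE_DES))
```

The diagnose step is the one to run first on a box showing the symptom in the original message: if the shadow entry classifies as md5crypt while the value sshd computed classifies as des, the daemon either fed crypt() a salt lacking the "$1$" prefix or is using a DES-only crypt, which is exactly the split the reply describes.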