[ale] Re: MD5

Denny Chambers dchambers at bugfixer.net
Thu Feb 27 15:30:47 EST 2003


The salt for a standard crypt password is the first two letters of the 
encrypted password. For an md5 password the salt is the first five 
characters of the encrypted password. The md5 password will always begin 
with $1$, so the salt will be something like $1$AA.

Denny

cfowler wrote:

>The only thing I can tell you is to 'man crypt'
>
>The passwords are one-way encrypted.  They can be encrypted but not
>decrypted.  So in UNIX what happens is that when a user logs in, the
>plain text password is encrypted via crypt().  The original encrypted
>password is supplied as the salt.  crypt() is smart enough to extract
>the salt from the encrypted string.  If the newly encrypted string
>matches what is in the /etc/passwd file, then the user has passed that
>test.
>
>In order to read /etc/passwd and friends, the pass program must be run
>as root.  Take the C code I gave you and modify it to exit(code) with
>special numbers. Then look at $? in the script after execution and
>you'll know if it was successful or not and can continue with the code
>for the correct circumstance.
>
>#!/bin/sh
>
>user=$1
>pass=$2
>
>pass "${user}" "${pass}"
>RVAL=$?
>
>if [ $RVAL -eq 2 ]
>then
>   echo "Invalid username"
>   exit 1
>fi
>
>if [ $RVAL -eq 1 ]
>then
>  echo "Invalid password"
>  exit 1
>fi
>
># Do something....
>
>
>
>On Thu, 2003-02-27 at 15:16, Robert L. Harris wrote:
>  
>
>>Thanks,
>>  Do you have any docs I can read up on also?  Finding good info seems a
>>bit sketchy.
>>
>>Robert
>>
>>
>>Thus spake cfowler (cfowler at outpostsentinel.com):
>>
>>    
>>
>>>Robert,
>>>
>>>I cranked out a quick program that may work
>>>
>>>pass <user> <pass>
>>>
>>>For user tom it would be: pass tom password
>>>
>>>Attached is bin and source.
>>>
>>>
>>>
>>>-- 
>>>"The Law of Leaky Abstractions"
>>>There is a time where abstractions lead to the inability to 
>>>fix problems that leak through the abstraction.
>>>http://www.joelonsoftware.com/articles/LeakyAbstractions.html
>>>      
>>>
>>
>>
>>:wq!
>>---------------------------------------------------------------------------
>>Robert L. Harris                     | PGP Key ID: E344DA3B
>>                                         @ x-hkp://pgp.mit.edu 
>>DISCLAIMER:
>>      These are MY OPINIONS ALONE.  I speak for no-one else.
>>
>>Diagnosis: witzelsucht  	
>>
>>IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
>>IPv4 = robert at mail.rdlg.net	http://www.rdlg.net
>>    
>>
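
The salt extraction discussed in this thread, as an added example that is not part of the original messages or of the attached pass program: a C helper that pulls the salt prefix out of a stored hash before it is handed to crypt(). The function names are hypothetical, and it assumes the md5-crypt layout `$1$<salt of up to 8 characters>$<22-character hash>` and the 13-character traditional format; anything else (locked-account markers, other schemes) is rejected.

```c
#include <stddef.h>
#include <string.h>

/* Usual crypt(3) salt alphabet; this example accepts nothing else. */
static int salt_chars_ok(const char *s, size_t n)
{
    static const char alphabet[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\0' || strchr(alphabet, s[i]) == NULL)
            return 0;
    return 1;
}

/* Hypothetical helper (example code, not from the thread): copy the salt
 * prefix of a stored hash into out. Returns the prefix length, or 0 if the
 * hash is malformed, uses another scheme, or out is too small. */
size_t salt_prefix(const char *stored, char *out, size_t outlen)
{
    size_t n;

    if (stored == NULL || out == NULL)
        return 0;
    if (strncmp(stored, "$1$", 3) == 0) {
        /* md5-crypt: $1$ + salt (1..8 chars) + $ + 22-char hash */
        const char *end = strchr(stored + 3, '$');
        size_t salt_len;
        if (end == NULL || strlen(end + 1) != 22)
            return 0;
        salt_len = (size_t)(end - (stored + 3));
        if (salt_len < 1 || salt_len > 8 || !salt_chars_ok(stored + 3, salt_len))
            return 0;
        n = 3 + salt_len;
    } else if (stored[0] != '$' && strlen(stored) == 13) {
        /* traditional crypt: 2 salt chars + 11 hash chars */
        if (!salt_chars_ok(stored, 2))
            return 0;
        n = 2;
    } else {
        return 0;   /* e.g. "*" or "!" locked entries, or an unhandled scheme */
    }
    if (n + 1 > outlen)
        return 0;
    memcpy(out, stored, n);
    out[n] = '\0';
    return n;
}
```

The returned prefix is what a caller would pass as the second argument to crypt(); a return of 0 should be treated as a failed login rather than retried with a default salt.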
