Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20070119103844.GA31844@openwall.com>
Date: Fri, 19 Jan 2007 13:38:44 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: OpenUnix 8 hash format is not the normal DES?

On Thu, Jan 18, 2007 at 11:44:33PM -0300, Danett song wrote:
>   So now, nothing make sense, it appear to have other password file  (/etc/defaults/ia/master) however it have a own format, the shadow have  only DES format hashs, the program using getpwent() and getspnam()  return hash exactly as in shadow file (DES format), and the system in  some fashion is able to recoganize passwords with 8, 9, 10, 11  characters long via /bin/login, /bin/su, ... 

Well, all it means is that programs such as /bin/login and /bin/su use
proprietary interfaces rather than getspnam().  Here are some ideas for
what we may do:

1. Find out what those interfaces are and use them from our own program,
similar to the one I had posted.

2. Learn the /etc/defaults/ia/master file format - just to the extent
necessary to extract the usernames and full hashes - and parse this file
with our own program, similar to unafs.

3. Intercept password hashes as /bin/su (or another native program)
reads or uses them.  For example, we may construct a preloadable library
that would override crypt() or bigcrypt() and print out the second
argument (the salt, assuming that the program actually passes the entire
hash, which is a common practice).  We may also create a script that
would invoke /bin/su for all usernames found in /etc/passwd and pass
some wrong password in response to the prompt, just to trigger crypt()
or bigcrypt() calls with all hashes.

P.S. Please try to avoid quoting my entire messages below your signature.
Also, there's no need to CC me on your replies - sending them to the
list posting address is sufficient.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.