|
Message-ID: <20090220000355.GA29555@openwall.com> Date: Fri, 20 Feb 2009 03:03:55 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: DES crypt hashes containing commas On Wed, Feb 18, 2009 at 02:42:32AM -0600, Joshua J. Drake wrote: > I was wondering if you could comment on the following code from > DES_std.c: > > if (ciphertext[13]) return DES_atoi64[ARCH_INDEX(ciphertext[5])] | > ((ARCH_WORD)DES_atoi64[ARCH_INDEX(ciphertext[6])] << 6) | > ((ARCH_WORD)DES_atoi64[ARCH_INDEX(ciphertext[7])] << 12) | > ((ARCH_WORD)DES_atoi64[ARCH_INDEX(ciphertext[8])] << 18); This code is found in DES_raw_get_salt(). The code path above (the if condition being true) is only triggered when used from BSDI_fmt.c, not from DES_fmt.c, and it extracts the 24-bit salt. You can see some sample 20-character strings that this processes in BSDI_fmt.c. > Specifically, what are these hashes with commas at the end, and what > is the stuff after the commas for? It looks like something salt and > something rounds? This question is unrelated to the code you have quoted. There is a check for a comma in DES_fmt.c: valid(). A valid 13-character string may end in a NUL byte (which means that it occupied the password hash field fully) or in a comma, which is also considered valid. The comma itself and any characters after it are then disregarded further in valid() and in split(). When a comma is present, such as on some ancient systems, the characters after it normally encode password aging data. On modern systems, this data is placed into separate fields in shadow files instead. The ancient alt.2600/#hack FAQ describes the way password aging data was being encoded in detail, see the answer to Section A, question 06 - "What are those weird characters after the comma in my passwd file?" It also gives a sample entry, but it's not a valid one, unfortunately. I did see real ones (10+ years ago), and JtR worked with those fine. http://www.ussrback.com/docs/ALT2600.TXT I hope this satisfies your curiosity. Alexander -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.