From: David S Gathright
To: gargp@acm.org
Cc: help-gnats@gnu.org
Subject: Re: Trouble using encrypted passwords
Date: Mon, 10 Nov 2003 22:20:00 -0000

Ok, so I'm going to answer my own question here. Don't ask me why this didn't work earlier, I don't know, but for the record:

Somehow, the crypt() function generates the same result (encrypted string) from the same key (raw password) and two different salts. Nifty.

To use DES encryption (instead of MD5 or no encryption), simply generate passwords using the standard crypt() function. You can do this in either C or perl (and I'm sure, in python, if I knew anything about that). Here is a command line quickie:

    machine% perl -e 'print crypt("password", "salt" ), "\n"'

On my box, this generates the encrypted string: "sa3tHJ3/KuYvI"

Now, testing the black magic that is the crypt function, you should be able to get the same answer from the crypt function for this key using this encrypted string as the "salt" value:

    machine% perl -e 'print crypt("password", "sa3tHJ3/KuYvI" ), "\n"'

I'm not sure why I was having trouble doing this earlier, anyway--perhaps we can add this to the perl/python lines in the documentation showing MD5 password generation?

One could use a more paranoid version that uses a combination of the process ID and system time to generate the salt value, I suppose:

    machine% perl -e 'print crypt("password", time() % 1e6 * $$ ), "\n"'

I'm not sure exactly what this gains, other than perhaps a slightly "better" encrypted password stored in the user_access file.

On Mon, 2003-11-10 at 14:05, Pankaj K Garg wrote:
> David S Gathright wrote:
> > No, I didn't try that, mostly because I don't have root access on that
> > machine.
> >
> > What I guess is most confusing to me is that there are three pieces of
> > information: the raw password, the salt, and the encrypted password.
> > Now, in the MD5 scheme, the salt is stored with the encrypted password
> > ($1$salt$enc_password). However, in the crypt() scheme, there is no
> > specified way to store the key, so, how is that done?
>
> It's been a while since I did this, but looking at the code, it seems
> that the salt is '$1$', '$2$', etc. Can you try these with the
> Python/Perl code and see what happens? The source code in gnatsd.c is
> using the C library function 'crypt' with these salts.

--
David S Gathright
LASP - University of Colorado
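
Added example, not part of the original message or of GNATS: a Perl sketch of how crypt()-style verification stores and reuses the salt, which is why passing the stored hash back as the salt argument reproduces that hash. The helper names (make_des_salt, setting_of, check_password) and the sample passwords are assumptions, and the script assumes the platform crypt() still supports traditional DES hashes.

```perl
#!/usr/bin/perl
# Added example: salt handling in crypt()-based password checks.
use strict;
use warnings;

# Characters valid in a traditional DES crypt() salt.
my @SALT_CHARS = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# Build a random two-character DES salt (hypothetical helper).
# rand() is not a CSPRNG; it only keeps this example dependency-free.
sub make_des_salt {
    return join '', map { $SALT_CHARS[int rand @SALT_CHARS] } 1 .. 2;
}

# Return the part of a stored hash that crypt() uses as its setting:
# "$1$salt$" for MD5-crypt, the first two characters for DES.
sub setting_of {
    my ($stored) = @_;
    return $1 if $stored =~ /^(\$1\$[^\$]{0,8}\$)/;
    return substr($stored, 0, 2);
}

# Verify a candidate by re-hashing it with the stored hash as the salt
# argument; crypt() picks the setting out of it on its own.
sub check_password {
    my ($candidate, $stored) = @_;
    my $computed = crypt($candidate, $stored);
    return defined $computed && $computed eq $stored;
}

my $stored = crypt('password', make_des_salt());   # constructed sample value
printf "stored hash : %s\n", $stored;
printf "setting     : %s\n", setting_of($stored);
printf "correct pw  : %s\n", check_password('password', $stored) ? 'match' : 'no match';
printf "wrong pw    : %s\n", check_password('passw0rd', $stored) ? 'match' : 'no match';

# DES crypt() reads only the first two characters of its salt argument,
# so a longer salt with the same two-character prefix gives the same hash.
printf "same prefix : %s\n",
    crypt('password', 'salt') eq crypt('password', 'sa') ? 'identical' : 'different';

# Traditional DES crypt() also ignores input past the eighth character.
printf "truncation  : %s\n",
    crypt('password', 'sa') eq crypt('passwordXYZ', 'sa') ? 'identical' : 'different';
```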