Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: passwd hashing algorithm
From: jfh () rpp386 cactus org (John F. Haugh II)
Date: Thu, 20 Apr 95 22:28:40 CDT


SecureWare uses a mechanism similar to this and it is part of one of
their security offerings.  I've used a slightly different, but similar,
approach for several years

We do not.  See below.
 
I think the confusion lies in "similar".  Otherwise, I stand by my
remarks, source code samples from you not withstanding.

This is most certainly NOT SecureWare's password implementation, although
I can understand why there might be some confusion.  SecureWare has modified
the behavior of password hashing not to increase the strength of the
underlying crypt(), but to increase the size of the possible password space
and the resulting hash value.  The algorithm breaks a password into crypt-
sized blocks, running crypt() across each block.  The salt for each block is
derived from the ciphertext of the previous block to provide linkage between
the individual blocks.  The resulting hash is the concatenation of the 
various ciphertext blocks, prefixed with the initial salt.
 
Yes.  You use crypt() once for each block of 8 characters.  This is
what was described.  25 rounds of DES (one crypt()) with the first
crypt()-sized block followed by 25 rounds of DES (one crypt()) with
the second crypt()-sized block.  As I understand the algorithm, the
salt is the last 2 ciphertext characters of the previous encrypted
result.

This strong mechanism, combined with shadow password files and configurable 
password controls (random pronounceable password generator, password aging, 
minimum allowable lengths, attack detection and account lockout, etc...)
allow a system security officer to be as paranoid as they choose -- e.g.,
passwords can be configured to look like standard Unix, they can be configured
to be 128 byte random passwords, or they can be configured somewhere in
between.  As an example, my password is between 8 and 16 bytes long.  Its
entry in the shadow password database looks like:

watt:u_name=watt:u_id#124:\
:u_pwd=8F0Ovkj7jA9jE.ofsJ4MaIt6:\

Meaning that your password was created when crypt() returned
"8F0Ovkj7jA9jE" then "jE.ofsJ4MaIt6".  If the guy with the crypt() attack
was serious, he should be able to generate a pair of keys which will
produce your encrypted password.
-- 
John F. Haugh II  [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ]   @'s: jfh () rpp386 cactus org



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]