tiger-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tiger-devel] gen_passwd_sets and MD5 passwords for Linux

From: Ryan Bradetich
Subject: Re: [Tiger-devel] gen_passwd_sets and MD5 passwords for Linux
Date: 29 Jun 2003 21:58:45 -0600 
On Sat, 2003-06-28 at 14:55, Nicolas François wrote:
> Hello,
> 
> In the 'zappasswd' function of 'systems/Linux/2/gen_passwd_sets', MD5
> passwords are recognized by this case pattern:
> # For MD5 passwds (35 chars) starting with $1$ (Linux)
>  
> \$1\$[a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/])
> 
> (the magic "$1$" and 32 times a char from [a-zA-Z0-9\.$/])
> 
> For gen_passwd_sets revisions prior to 1.4, the case pattern contained
> only 34 chars, but the comment "# For MD5 passwds (35 chars) starting with
> $1$ (Linux)" comes from the initial revision.
> 
> AFAIK, MD5 passwd are only 34 chars. (It is the case for all the Linux
> /etc/shadow I checked).

Ack, you are right.  I forgot that wc -c includes the null character. 
Thanks for this correction (though it did properly match the MD5
passwords).  I will look into this some more and see what I can find.


> According to man crypt:
> GNU EXTENSION
>   The glibc2 version of this function has the following  additional  fea-
>   tures.   If  salt is a character string starting with the three charac-
>   ters "$1$" followed by at most eight characters, and optionally  termi-
>   nated  by  "$",  then instead of using the DES machine, the glibc crypt
>   function uses an MD5-based algorithm,  and  outputs  up  to  34  bytes,
>   namely  "$1$<string>$", where "<string>" stands for the up to 8 charac-
>   ters following "$1$" in the salt, followed by 22 bytes chosen from  the
>   set [a-zA-Z0-9./].  The entire key is significant here (instead of only
>   the first 8 bytes).
> 
> Does this means that the encrypted password can be less than 34 chars ?
> Does the "\$1\$[a-zA-Z0-9./]{0,8}\$[a-zA-Z0-9./]{22}" regex should be
> used?

This regular expression looks better than mine.  I will submit a patch,
thanks for the sanity check and the correction!

> By the way, does anybody know how to use a shorter bash case pattern?
> (I'm dreaming of something like '\$1\$[a-zA-Z0-9./]{31}').

I am not a shell expert, but the books and research I have found does
not indicate a way to do this.  I am also interested if anyone has a
good way to handle this :)

Thanks for the review!

- Ryan

> hth
-- 
Ryan Bradetich <address@hidden>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]