Re: [Tiger-devel] gen_passwd_sets and MD5 passwords for Linux
From: Ryan Bradetich
Subject: Re: [Tiger-devel] gen_passwd_sets and MD5 passwords for Linux
Date: 29 Jun 2003 21:58:45 -0600

On Sat, 2003-06-28 at 14:55, Nicolas François wrote:
> Hello,
>
> In the 'zappasswd' function of 'systems/Linux/2/gen_passwd_sets', MD5
> passwords are recognized by this case pattern:
> # For MD5 passwds (35 chars) starting with $1$ (Linux)
>
> \$1\$[a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/])
>
> (the magic "$1$" and 32 times a char from [a-zA-Z0-9\.$/])
>
> For gen_passwd_sets revisions prior to 1.4, the case pattern contained
> only 34 chars, but the comment "# For MD5 passwds (35 chars) starting with
> $1$ (Linux)" comes from the initial revision.
>
> AFAIK, MD5 passwd are only 34 chars. (It is the case for all the Linux
> /etc/shadow I checked).

Ack, you are right. I forgot that wc -c includes the null character.
Thanks for this correction (though it did properly match the MD5
passwords). I will look into this some more and see what I can find.

> According to man crypt:
> GNU EXTENSION
> The glibc2 version of this function has the following additional fea-
> tures. If salt is a character string starting with the three charac-
> ters "$1$" followed by at most eight characters, and optionally termi-
> nated by "$", then instead of using the DES machine, the glibc crypt
> function uses an MD5-based algorithm, and outputs up to 34 bytes,
> namely "$1$<string>$", where "<string>" stands for the up to 8 charac-
> ters following "$1$" in the salt, followed by 22 bytes chosen from the
> set [a-zA-Z0-9./]. The entire key is significant here (instead of only
> the first 8 bytes).
>
> Does this mean that the encrypted password can be less than 34 chars?
> Should the "\$1\$[a-zA-Z0-9./]{0,8}\$[a-zA-Z0-9./]{22}" regex be
> used?

This regular expression looks better than mine. I will submit a patch,
thanks for the sanity check and the correction!

> By the way, does anybody know how to use a shorter bash case pattern?
> (I'm dreaming of something like '\$1\$[a-zA-Z0-9./]{31}').

I am not a shell expert, but the books and research I have found do
not indicate a way to do this. I am also interested if anyone has a
good way to handle this :)

Thanks for the review!

- Ryan

> hth
--
Ryan Bradetich <address@hidden>
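
A length-tolerant check for the "$1$" format discussed in this thread, written in POSIX shell without repeating the bracket expression; this is an added example, not code from Tiger or from either poster. The function names `is_md5_crypt` and `md5_users` and the sample shadow lines are constructed for illustration, and the C locale is assumed.

```shell
#!/bin/sh
# Added example (not Tiger code). Assumption: C locale, so [a-z] means ASCII only.
LC_ALL=C; export LC_ALL

# is_md5_crypt FIELD: succeed if FIELD is "$1$" + 0-8 salt chars + "$" + 22 hash
# chars, all from [a-zA-Z0-9./] (the format quoted from crypt(3) in the thread).
is_md5_crypt() {
    field=$1
    case $field in
        '$1$'*) ;;                 # magic prefix present
        *) return 1 ;;
    esac
    rest=${field#'$1$'}
    case $rest in
        *'$'*) ;;                  # salt terminator present
        *) return 1 ;;
    esac
    salt=${rest%%'$'*}             # text before the first "$"
    hash=${rest#*'$'}              # text after the first "$"
    [ "${#salt}" -le 8 ] || return 1
    [ "${#hash}" -eq 22 ] || return 1
    case $salt$hash in
        *[!a-zA-Z0-9./]*) return 1 ;;   # any character outside the alphabet
    esac
    return 0
}

# md5_users: read shadow-format lines on stdin, print accounts using MD5-crypt.
md5_users() {
    while IFS=: read -r user pw _others; do
        if is_md5_crypt "$pw"; then printf '%s\n' "$user"; fi
    done
}

# Constructed sample entries (not real hashes).
printf '%s\n' \
    'root:$1$saltsalt$0123456789abcdefghijkl:12000:0:99999:7:::' \
    'daemon:*:12000:0:99999:7:::' \
    'alice:$1$ab$0123456789abcdefghijkl:12000:0:99999:7:::' \
    'bob:abJnggxhB/yWI:12000:0:99999:7:::' | md5_users
```

The `alice` entry has a two-character salt, so its field is 28 characters long and a fixed-length case pattern does not match it.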