From owner-freebsd-security Wed Jul 7 4:41:17 1999 Delivered-To: freebsd-security@freebsd.org Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7]) by hub.freebsd.org (Postfix) with ESMTP id 41BF114DE2 for ; Wed, 7 Jul 1999 04:41:09 -0700 (PDT) (envelope-from peter@netplex.com.au) Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id 58E8E78; Wed, 7 Jul 1999 19:41:08 +0800 (WST) (envelope-from peter@netplex.com.au) X-Mailer: exmh version 2.0.2 2/24/98 To: Kris Kennaway Cc: security@freebsd.org Subject: Re: Improved libcrypt ready for testing In-reply-to: Your message of "Wed, 07 Jul 1999 09:08:32 +0930." Date: Wed, 07 Jul 1999 19:41:08 +0800 From: Peter Wemm Message-Id: <19990707114108.58E8E78@overcee.netplex.com.au> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway wrote: > On Wed, 7 Jul 1999, Peter Wemm wrote: > > > Say... you wouldn't like to impliment an NT-style password hash, would you? > > *NOT* the LAN-Manager (LAN-damager?) hash with the 2 chunks of 7 characters > > weak method that gets decoded in what seems like seconds according to > > bugtraq. The NT hash is 128 character etc. It's also unicode and not case > > sensitive, but that shouldn't be a problem to implement. > > This is worth looking at. Do the password hashes have any distinguishing > characteristics other than being 128 characters long? I'm wondering how > they'd be distinguished in the password file, unless we add a $NT$ prefix. > > Kris Looking at /usr/local/private/smbpasswd, samba's NT-style shadow password file: logname:2004:260AAF5FD661391EAAD3B345B51404EE:E9402F112D1BEC4978F943B55C11EB46: Gecos Username:/home/logname:/usr/local/bin/tcsh So, I guess this would do: $NT$260AAF5FD661391EAAD3B345B51404EE$E9402F112D1BEC4978F943B55C11EB46 (This is a real line with the names and hash sufficiently corrupted so nobody gets ideas about trying to crack it. :-) Also, we really do need some way to implement plugins that works on both static and dynamic binaries. I would suggest that for dynamic binaries, libcrypt would be compiled (ie: #ifdef PIC) to dlopen() the .so files based on a config file. For static libcrypt, it would have to fork and pipe the string to a static helper binary that returns the hash from the string. That way /sbin/init will be able to verify any method for root password when in non-secure console mode. I would suggest a /etc/crypt.conf or something that contains the prefix and both a static and dynamic plugin. ie: NT /usr/lib/pwhash_nt.so /sbin/_pwhash_nt 1 /usr/lib/pwhash_md5.so /sbin/_pwhash_md5 2 /usr/lib/pwhash_bfish.so /sbin/_pwhash_bfish default /usr/lib/pwhash_des.so /sbin/_pwhash_des Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message