From owner-freebsd-hackers  Mon Mar 11 12:57:42 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id MAA15454
          for hackers-outgoing; Mon, 11 Mar 1996 12:57:42 -0800 (PST)
Received: from apollo.COSC.GOV (root@apollo.COSC.GOV [198.94.103.34])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id MAA15444
          for <freebsd-hackers@FreeBSD.org>; Mon, 11 Mar 1996 12:57:40 -0800 (PST)
Received: (from vince@localhost) by apollo.COSC.GOV (8.7.4/8.7.3) id MAA04137; Mon, 11 Mar 1996 12:56:36 -0800 (PST)
Date: Mon, 11 Mar 1996 12:56:36 -0800 (PST)
From: -Vince- <vince@apollo.COSC.GOV>
To: Dmitry Kohmanyuk <dk@snark.ukma.kiev.ua>
cc: sia@jriver.com, sia@nest.org, bag@ua.net, freebsd-hackers@FreeBSD.org,
        stesin@elvisti.kiev.ua
Subject: Re: libcrypt patch to allow mixed DES/MD5 passwords
In-Reply-To: <199603111747.TAA17678@snark.ukma.kiev.ua>
Message-ID: <Pine.BSF.3.91.960311125607.335B-100000@apollo.COSC.GOV>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 11 Mar 1996, Dmitry Kohmanyuk wrote:

	Is there anyway to make a system with DES passwords back into a
MD5 system?

Cheers,
-Vince- vince@COSC.GOV - GUS Mailing Lists Admin - http://www.COSC.GOV/~vince
UC Berkeley AstroPhysics - Electrical Engineering (Honorary B.S.)
Chabot Observatory & Science Center - Board of Advisors
Running FreeBSD - Real UN*X for Free!
Linda Wong/Vivian Chow/Hacken Lee/Danny Chan/Priscilla Chan Fan Club
Mailing Lists Admin


> Hi hackers,
> 
> Following are 2 patches for descrypt which make it fallback to 
> md5 crypt if the salt begins with a '$'.
> 
> the patches are against 2.1-RELEASE lib and secure distributions;
> they are relative to $src/lib/libcrypt and $src/secure/lib/libcrypt
> sorry for broken $Id$s; you can always fix the patch by hand.
> 
> you need to remove old /usr/lib/libcrypt* symlinks and do a `make install' 
> in secure/lib/libcrypt
> 
> you need to rebuild init (in secure) afterwards or otherwise you wouldn't be able
> to login to secure console in single-user if you change the password 
> to DES-encrypted.
> 
> I have noticed that xdm stopped working;  I hope to fix that soon.
> 
> I am running these patches since February 24th on our 7-machine LAN
> (FreeBSD as NIS server, Solaris and Linux as NIS clients, diskless
> FreeBSD 4Mb boxes as X terminals) with no problems apart from xdm
> I've mentioned.
> 
> You can't use MD5 passwords on other systems until you patch theirs 
> libc, obvious.  And even after that you can't fix all the static buffers.
> 
> All new passwords would be DES-encrypted unless you change passwd(1)
> or yppasswd(1) (same on FreeBSD, other program on other systems)
> to make '$1$text' to be your salt.
> 
> It was just very helpful to merge 2 password databases without causing
> half of users to change their passwords.
> 
> please feedback to me directly since I don't read -hackers after 
> my home disk crash.
> 
> cheers,
> Dmitry.
> 
> lib-libcrypt.diff
> secure-libcrypt.diff
> 
> diff -ru lib/libcrypt/crypt.c ./crypt.c
> --- lib/libcrypt/crypt.c	Tue May 30 08:42:22 1995
> +++ ./crypt.c	Mon Mar 11 18:04:50 1996
> @@ -40,7 +40,11 @@
>   */
>  
>  char *
> +#ifdef	SCRYPT
> +scrypt(pw, salt)
> +#else
>  crypt(pw, salt)
> +#endif
>  	register const char *pw;
>  	register const char *salt;
>  {
> 
> 
> diff -ru secure/lib/libcrypt/Makefile ./Makefile
> --- secure/lib/libcrypt/Makefile	Sat Aug 27 02:31:11 1994
> +++ ./Makefile	Mon Mar 11 18:25:39 1996
> @@ -1,5 +1,5 @@
>  #
> -# $Id: Makefile,v 1.7 1994/08/26 23:31:11 wollman Exp $
> +# $Id: Makefile,v 1.1 1996/02/24 15:54:31 dk Exp dk $
>  #
>  
>  LCRYPTBASE=     libcrypt
> @@ -9,8 +9,10 @@
>  LDCRYPTBASE=    libdescrypt
>  LDCRYPTSO=      $(LDCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
>  
> +.PATH:	${.CURDIR}/../../../lib/libmd
>  LIB=	descrypt
> -SRCS=	crypt.c
> +SRCS=	crypt.c scrypt.c md5c.c
> +CFLAGS+=	-I${.CURDIR}/../../../libmd -DSCRYPT
>  PRECIOUSLIB=	yes
>  
>  #MAN3=   crypt.3
> @@ -22,6 +24,9 @@
>  
>  test:
>  	cd test ; make test ; make clean
> +
> +scrypt.c:
> +	ln -s ${.CURDIR}/../../../lib/libcrypt/crypt.c scrypt.c
>  
>  
>  .include <bsd.lib.mk>
> diff -ru secure/lib/libcrypt/crypt.c ./crypt.c
> --- secure/lib/libcrypt/crypt.c	Tue May 30 09:11:46 1995
> +++ ./crypt.c	Sat Feb 24 18:11:53 1996
> @@ -32,7 +32,7 @@
>   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>   * SUCH DAMAGE.
>   *
> - *	$Id: crypt.c,v 1.6 1995/05/30 06:11:46 rgrimes Exp $
> + *	$Id: crypt.c,v 1.1 1996/02/24 16:06:00 dk Exp dk $
>   *
>   * This is an original implementation of the DES and the crypt(3) interfaces
>   * by David Burren <davidb@werj.com.au>.
> @@ -63,6 +63,10 @@
>  # include <stdio.h>
>  #endif
>  
> +#ifdef SCRYPT
> +extern char *scrypt(char *, char *);
> +#endif
> +
>  /* We can't always assume gcc */
>  #ifdef __GNUC__
>  #define INLINE inline
> @@ -588,6 +592,11 @@
>  	u_long		count, salt, l, r0, r1, keybuf[2];
>  	u_char		*p, *q;
>  	static u_char	output[21];
> +
> +#ifdef	SCRYPT
> +	if (setting[0] == '$')
> +		return(scrypt(key, setting));
> +#endif
>  
>  	if (!des_initialised)
>  		des_init();
> 
>