Date: Tue, 18 Feb 1997 17:31:01 +0200 From: Mark Murray <mark@grondar.za> To: Mikael Karpberg <karpen@ocean.campus.luth.se> Cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Message-ID: <199702181531.RAA07047@grackle.grondar.za>
next in thread | raw e-mail | index | archive | help
Mikael Karpberg wrote:
> I must say, I have NO idea how you mean this. Either you are very confused,
> or I am very confused. One of the two, and I don't know which. :-)
>
> First of all, so what is crypt returns something predictable for a certain
> input? Crypt's strength might be that you can't get the output you want by
> tweaking th input, BUT... what has that got to do with it? The point is
> that even if you know you can get crypt to return "************", it's
> really not going to do you any good, is it? If you could, by just entering
> a certain password, make crypt produce that string (and you couldn't. You
> would need to also set the salt, etc, meaning you have to write a c program
> to do it. And why bother comparing strings, then, when you can just succeed?)
> it would do you no good at all, since login (or whatever program you use
> for trying to hack root) would compare the output against the password
> in the /etc/master.passwd file, and that will never _be_ "***********", so
> you will never get a match anyway, and failing a match, login will be refused
.
> Where did I err in thinking this (if I did)?
OK - here's the attack:
Our luser has fouled up his system a bit (this is a prerequisite), so that
he has passwords that are your default *************.
The attacker notices the foul-up, guesses there are ********** passwords,
and trys to get in. He should be able to get login to execute
crypt("***************", "rubbish password typed at passwd:prompt")
to return "***************", IOW the same "crypted" password as the
passwd file. This lets him in. If this happens to th root account, he
is in.
> Second, after some "research" (actually reading the manpage for crypt)
> I found this in crypt's manpage:
> "The function crypt() returns a pointer to the encrypted value on success
> and NULL on failure."
>
> Note: Or NULL on failure. I didn't think it could return that. That changes
> things; it _is_ TRT to return NULL if you don't find the lib for a
> choosen encryption. So that should be the end of that. :-)
Fair enough.
> How do you crash crypt? And what do you gain from making it reutn "**********
"
> when that will never match anything? Hmmm....
If the dynamic linking of crypt types is too fragile, it will be too easy
to force an error.
If crypt _previously_ returned a "*************", and now can do it
by generating an error, it will match.
M
--
Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702181531.RAA07047>