From owner-freebsd-security  Thu Jun  7 11:40:36 2001
Delivered-To: freebsd-security@freebsd.org
Received: from slis-two.lis.fsu.edu (slis-two.lis.fsu.edu [128.186.72.102])
	by hub.freebsd.org (Postfix) with ESMTP id 7BC3837B403
	for <freebsd-security@FreeBSD.ORG>; Thu,  7 Jun 2001 11:40:33 -0700 (PDT)
	(envelope-from david@slis-two.lis.fsu.edu)
Received: from localhost (david@localhost)
	by slis-two.lis.fsu.edu (8.11.1/8.11.1) with ESMTP id f57Ifv764262;
	Thu, 7 Jun 2001 14:42:01 -0400 (EDT)
	(envelope-from david@slis-two.lis.fsu.edu)
Date: Thu, 7 Jun 2001 14:41:57 -0400 (EDT)
From: David Miner <david@slis-two.lis.fsu.edu>
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc: edwin chan <huacheng@public.guangzhou.gd.cn>,
	Olivier Nicole <Olivier.Nicole@ait.ac.th>,
	<freebsd-security@FreeBSD.ORG>
Subject: Re: Encrypted passwords
In-Reply-To: <20010607202014.S59617@mail.webmonster.de>
Message-ID: <Pine.BSF.4.30_heb2.09.0106071439270.64212-100000@slis-two.lis.fsu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 7 Jun 2001, Karsten W. Rohrbach wrote:

> a simple script using pwgen(1) from the ports collection to generate the
> cleartext password, using pw(8)'s instrumentation for passing a password
> to it via filehandle would simplify things a bit, i think.
> /k
>
It's not the generation of the passwords that is the problem.  It's the
encryption.

I put print statements into the program, created two users, and check
vipw.

These are the outputs:

entries in pwd.db:

try-1:wUe7aHIXK/8O.:1260:1337::0:0:LIStry-1:/usr/try-1:/bin/csh
try-2:tgx8fwK0d6cQM:1261:1338::0:0:LIStry-2:/usr/try-2:/bin/csh

Program output:

Enter password file name:  pw7
Password file read
Enter path to home directories: /usr
Enter class name: try
Enter first number wanted: 1
Enter number of users wanted: 2
try-1 chock1

wUlVdJxRtry-1 /usr/try-1 wUe7aHIXK/8O.
chpass: updating the database...
chpass: done
try-2 chock1

tgtM0gIZtry-2 /usr/try-2 tgx8fwK0d6cQM
chpass: updating the database...
chpass: done

Notice that the encrypted password from the program appears to be the same
as reported in vipw.  But the user cannot login with the password.

David
---------------------------------------------------------------------
David R. Miner                                   miner@lis.fsu.edu
Systems Integrator                               voice: 850-644-8107
School of Information Studies                    fax:   850-644-6253
Florida State University
Tallahassee, FL  32306-2100



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message