From owner-freebsd-security  Sat Jan  5 11:39:44 2002
Delivered-To: freebsd-security@freebsd.org
Received: from pkl.net (spoon.pkl.net [212.111.57.14])
	by hub.freebsd.org (Postfix) with ESMTP id 47F3337B419
	for <freebsd-security@freebsd.org>; Sat,  5 Jan 2002 11:39:40 -0800 (PST)
Received: (from rik@localhost)
	by pkl.net (8.9.3/8.9.3) id TAA08631
	for freebsd-security@freebsd.org; Sat, 5 Jan 2002 19:39:39 GMT
Date: Sat, 5 Jan 2002 19:39:39 +0000
From: Rik <freebsd-security@rikrose.net>
To: freebsd-security@freebsd.org
Subject: Re: MS5 password salt calculation
Message-ID: <20020105193939.A7927@spoon.pkl.net>
References: <bulk.34219.20011229215845@hub.freebsd.org> <20011230013854.A39364@wjv.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011230013854.A39364@wjv.com>; from bv@wjv.com on Sun, Dec 30, 2001 at 01:38:54AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I've been thinking about this Modulær Crypt Format, and wondering what
it's capable of, and where the docs are for it...

On Sun, Dec 30, 2001 at 01:38:54AM -0500, Bill Vermillion wrote:
> You can't say that $1$ 'caught on' as that's the way it is defined
> to indicate what follows. The $1$ indicates the following is an MD5.
> I was looking for the docs the other day, and from memory if the
> first characters are $5$, then that indicates that the following
> string would be blowfish encryption. You should also not that the
> next $ is the salt separator, and on my system there are typically 8
> digits after $1$ and before the next $, for 2trillion+ salts.

I've mailed Bill, and he doesn't know of any *good* docs about it. The
best I've found is man 3 crypt, and the best Google can find is more
copies of man 3 crypt, usually out of date.

Are there any better docs about Modular Crypt Format (to give it the
proper title).

The man page says:
If the salt begins with the string $digit$ then the Modular Crypt Format
is used.  The digit represents which algorithm is used in encryption.

But in what way does it represent it? Is there a lookup table somewhere?
If so, where? The "currently supported algorithms list" on the man page
says $1$ == MD5 and $2$ == Blowfish. Assuming blowfish works, then if I
ran perl -le 'print crypt( "meow", "\$2\$SALT" )' ought to yield a
blowfish crypted password, shouldn't it? It doesn't, AFAICS.

rik
-- 
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C  3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message