Date: Tue, 10 Jul 2001 18:50:01 -0700 (PDT)
From: Dima Dorfman <dima@unixfreak.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/28885: [patch] enhance makekey to check/generate MD5 passwords
Message-ID: <200107110150.f6B1o1I72019@freefall.freebsd.org>

The following reply was made to PR bin/28885; it has been noted by GNATS.
From: Dima Dorfman <dima@unixfreak.org>
To: Gregory Bond <gnb@itga.com.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/28885: [patch] enhance makekey to check/generate MD5 passwords
Date: Tue, 10 Jul 2001 18:40:32 -0700
Gregory Bond <gnb@itga.com.au> writes:
> >Description:
>
> Makekey can be used from other programs to encrypt passwords. But it is
> very awkward to use from a script or the command line, and only produces
> DES encryptions.
>
> These patches extend makekey to handle MD5 passwords and make it much more
> convenient to use from a script or the command line, for example when
> populating passwd-like files for WEB/IRC/whatever servers. It is now also
> able to check passwords.
I don't think this is desired. makekey is a very simple program with
a very simple purpose: to take a salt and a string and produce a DES
hash. You're not *supposed* to use it for MD5; you're not *supposed*
to use it in a script; it isn't supposed to be used to check
passwords. For an example of how it's supposed to be used, see
src/usr.bin/enigma/enigma.c (and I think your patch even breaks this
case).
What you're looking for is a command-line interface to crypt(3), and
makekey isn't, and shouldn't be, it. One is, however, quite trivial
to write; I did so a few years ago and my version works great for me.
(I've attached the source for anyone who wants it.) I think that
something along these lines, perhaps from the ports, is much better
than screwing around with makekey's simple life.
Regards,
Dima Dorfman
dima@unixfreak.org
/*
 * Copyright (c) 1999, Dima Dorfman.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Command line interface to the crypt(3) family of routines.
 */

#include <err.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static char	*mksalt(void);
static void	 usage(void);

/*
 * Generate a random alphanumeric salt.
 * Returns pointer to static buffer.
 */
static char *
mksalt(void)
{
	static char output[33];
	static const char range[] =
	    "abcdefghijklmnopqrstuvwxyz"
	    "0123456789"
	    "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
	char *p;

	/* arc4random_uniform() avoids the modulo bias of arc4random() % n. */
	for (p = output; p < output + sizeof(output) - 1; p++)
		*p = range[arc4random_uniform(sizeof(range) - 1)];
	output[sizeof(output) - 1] = '\0';
	return (output);
}

static void
usage(void)
{
	fprintf(stderr, "Usage: %s [-n] [-f type] [-s salt] [password ...]\n",
	    getprogname());
	exit(1);
}

int
main(int ac, char **av)
{
	int newline, passfree;	/* Output trailing NL?  free() pass? */
	char *salt, *pass;	/* Arguments to crypt(3). */
	char *sum;		/* crypt(3) result. */
	int c;			/* getopt(3) returns int, not char. */
	char *p, **xp;
	size_t passlen;
	int rv;

	newline = 1;
	salt = NULL;
	while ((c = getopt(ac, av, "f:ns:")) != -1)
		switch (c) {
		case 'f':
			rv = crypt_set_format(optarg);
			if (rv == 0)
				errx(1, "invalid format: %s", optarg);
			break;
		case 'n':
			newline = 0;
			break;
		case 's':
			salt = optarg;
			break;
		default:
			usage();
		}
	ac -= optind;
	av += optind;

	if (salt == NULL)
		salt = mksalt();

	if (ac == 0) {
		/* No arguments: prompt on the terminal without echo. */
		pass = getpass("Password: ");
		passfree = 0;
	} else {
		/*
		 * Join the remaining arguments with single spaces.  Note
		 * that arguments are visible to other users through ps(1).
		 */
		passlen = 0;
		for (xp = av; xp < &av[ac]; xp++)
			passlen += strlen(*xp);
		passlen += ac + 1;	/* XXX is this right? */
		if ((pass = malloc(passlen)) == NULL)
			err(1, "malloc");
		pass[0] = '\0';
		for (xp = av; xp < &av[ac]; xp++) {
			strlcat(pass, *xp, passlen);
			strlcat(pass, " ", passlen);
		}
		/* Drop the trailing space. */
		p = strchr(pass, '\0');
		*--p = '\0';
		passfree = 1;
	}

	/* crypt(3) returns NULL on failure. */
	if ((sum = crypt(pass, salt)) == NULL)
		errx(1, "crypt failed");
	printf("%s%s", sum, newline ? "\n" : "");

	if (passfree)
		free(pass);
	return (0);
}
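
The thread turns on DES versus MD5 crypt(3) hashes in passwd-like files. The following is an added example, not part of the original message or of the attached program: it tells the two formats apart when auditing such a file. The names classify_hash and enum scheme are hypothetical, the length limits are this example's assumptions, and the sample strings are constructed, not real hashes.

```c
#include <stdio.h>
#include <string.h>

enum scheme { SCHEME_INVALID, SCHEME_DES, SCHEME_MD5 };

/* Alphabet crypt(3) uses for salts and encoded digests. */
static const char alphabet[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Classify a stored hash (hypothetical helper); *setting gets the length of
 * the scheme tag plus salt, the prefix a checker hands back to crypt(3). */
enum scheme
classify_hash(const char *h, size_t *setting)
{
	const char *end;
	size_t slen;

	*setting = 0;
	if (strncmp(h, "$1$", 3) == 0) {	/* MD5: $1$salt$digest */
		if ((end = strchr(h + 3, '$')) == NULL)
			return (SCHEME_INVALID);
		slen = (size_t)(end - (h + 3));
		/* Assumed policy: 1-8 salt chars, 22 digest chars. */
		if (slen == 0 || slen > 8 || strlen(end + 1) != 22 ||
		    strspn(end + 1, alphabet) != 22)
			return (SCHEME_INVALID);
		*setting = 3 + slen;
		return (SCHEME_MD5);
	}
	/* Traditional DES: 2 salt chars followed by 11 digest chars. */
	if (strlen(h) == 13 && strspn(h, alphabet) == 13) {
		*setting = 2;
		return (SCHEME_DES);
	}
	return (SCHEME_INVALID);
}

int
main(void)
{
	/* Constructed strings of the right shape; not real password hashes. */
	const char *v[] = { "abJnggxhB/yJE",
	    "$1$abcdefgh$0123456789ABCDEFGHIJKL", "plaintext" };
	size_t i, n;

	for (i = 0; i < 3; i++)
		printf("%-36s scheme=%d\n", v[i], (int)classify_hash(v[i], &n));
	return (0);
}
```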
