Date: Tue, 10 Jul 2001 18:50:01 -0700 (PDT)
From: Dima Dorfman <dima@unixfreak.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/28885: [patch] enhance makekey to check/generate MD5 passwords
Message-ID: <200107110150.f6B1o1I72019@freefall.freebsd.org>
The following reply was made to PR bin/28885; it has been noted by GNATS.

From: Dima Dorfman <dima@unixfreak.org>
To: Gregory Bond <gnb@itga.com.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/28885: [patch] enhance makekey to check/generate MD5 passwords
Date: Tue, 10 Jul 2001 18:40:32 -0700

Gregory Bond <gnb@itga.com.au> writes:
> >Description:
>
> Makekey can be used from other programs to encrypt passwords.  But it is
> very awkward to use from a script or the command line, and only produces
> DES encryptions.
>
> These patches extend makekey to handle MD5 passwords and make it much more
> convenient to use from a script or the command line, for example when
> populating passwd-like files for WEB/IRC/whatever servers.  It is now also
> able to check passwords.

I don't think this is desired.  makekey is a very simple program with
a very simple purpose: to take a salt and a string and produce a DES
hash.  You're not *supposed* to use it for MD5; you're not *supposed*
to use it in a script; it isn't supposed to be used to check
passwords.  For an example of how it's supposed to be used, see
src/usr.bin/enigma/enigma.c (and I think your patch even breaks this
case).

What you're looking for is a command-line interface to crypt(3), and
makekey isn't, and shouldn't be, it.  One is, however, quite trivial
to write; I did so a few years ago and my version works great for me.
(I've attached the source for anyone who wants it.)  I think that
something along these lines, perhaps from the ports, is much better
than screwing around with makekey's simple life.

Regards,

					Dima Dorfman
					dima@unixfreak.org

/*
 * Copyright (c) 1999, Dima Dorfman.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Command line interface to the crypt(3) family of routines.
 */

#include <err.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static char	*mksalt(void);
static void	 usage(void);

/*
 * Returns pointer to static buffer.
 */
static char *
mksalt(void)
{
	static char output[33];
	static const char range[] =
	    "abcdefghijklmnopqrstuvwxyz"
	    "0123456789"
	    "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
	char *p;

	for (p = output; p < output + sizeof(output) - 1; p++)
		*p = range[arc4random() % (sizeof(range) - 1)];
	output[sizeof(output) - 1] = '\0';
	return (output);
}

static void
usage(void)
{

	fprintf(stderr,
	    "Usage: %s [-n] [-f type] [-s salt] [password ...]\n",
	    getprogname());
	exit(1);
}

int
main(int ac, char **av)
{
	int newline, passfree;	/* Output trailing NL? free() pass? */
	char *salt, *pass;	/* Arguments to crypt(3). */
	char *sum;		/* crypt(3) result. */
	int c;			/* getopt(3) returns int, not char. */
	char *p, **xp;
	int passlen, rv;

	newline = 1;
	salt = NULL;
	while ( (c = getopt(ac, av, "f:ns:")) != -1)
		switch (c) {
		case 'f':
			rv = crypt_set_format(optarg);
			if (rv == 0)
				errx(1, "invalid format: %s", optarg);
			break;
		case 'n':
			newline = 0;
			break;
		case 's':
			salt = optarg;
			break;
		default:
			usage();
		}
	ac -= optind;
	av += optind;

	if (salt == NULL)
		salt = mksalt();
	if (ac == 0) {
		pass = getpass("Password: ");
		passfree = 0;
	} else {
		/* Join the remaining arguments with single spaces. */
		passlen = 0;
		for (xp = av; xp < &av[ac]; xp++)
			passlen += strlen(*xp);
		passlen += ac + 1; /* XXX is this right? */
		pass = malloc(passlen);
		if (pass == NULL)
			err(1, "malloc");
		pass[0] = '\0';
		for (xp = av; xp < &av[ac]; xp++) {
			strlcat(pass, *xp, passlen);
			strlcat(pass, " ", passlen);
		}
		/* Drop the trailing space added by the loop above. */
		p = strchr(pass, '\0');
		*--p = '\0';
		passfree = 1;
	}

	sum = crypt(pass, salt);
	if (sum == NULL)
		errx(1, "crypt failed");
	printf("%s%s", sum, newline ? "\n" : "");
	if (passfree)
		free(pass);
	return (0);
}
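Added example, not part of the original message or of the FreeBSD sources: crypt(3) output identifies its own scheme, so a passwd-like file of the kind mentioned in the PR can be checked by shape alone for entries that are still traditional DES rather than `$1$` MD5. The names `classify_hash` and `count_kind` and the sample entries are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum hash_kind { HASH_INVALID, HASH_DES, HASH_MD5, HASH_OTHER };
/* Constructed passwd-like sample; the hashes have the right shape only. */
static const char sample[] = "alice:abJnggxhB/yWI\ncarol:*\ndave:zz0123456789.\n"
    "bob:$1$Ab3dEf9h$0123456789abcdefghijkl\n";

/* True if s is exactly n characters of the DES/MD5 crypt(3) output alphabet. */
static int is_b64(const char *s, size_t n)
{
    static const char b64[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    return strlen(s) == n && strspn(s, b64) == n;
}

/* Classify one stored crypt(3) string by its shape; nothing is hashed. */
enum hash_kind classify_hash(const char *h)
{
    if (h[0] == '_' || (h[0] == '$' && strncmp(h, "$1$", 3) != 0))
        return HASH_OTHER;      /* extended DES, or some other '$' scheme */
    if (h[0] != '$')            /* traditional DES: 2 salt + 11 hash chars */
        return is_b64(h, 13) ? HASH_DES : HASH_INVALID;
    const char *sep = strchr(h + 3, '$');   /* MD5: "$1$", salt (<= 8), "$", 22 chars */
    if (sep == NULL || sep - (h + 3) > 8 || !is_b64(sep + 1, 22))
        return HASH_INVALID;
    return HASH_MD5;
}

/* Count the "user:hash" lines of a passwd-like buffer whose hash is kind k. */
int count_kind(const char *text, enum hash_kind k)
{
    char line[128];             /* over-long lines are truncated before checking */
    const char *nl, *colon;
    int n = 0;
    for (; *text != '\0'; text = (*nl == '\n') ? nl + 1 : nl) {
        nl = text + strcspn(text, "\n");
        snprintf(line, sizeof(line), "%.*s", (int)(nl - text), text);
        colon = strchr(line, ':');
        if (colon != NULL && classify_hash(colon + 1) == k)
            n++;
    }
    return n;
}

int main(void)
{
    printf("traditional DES entries: %d\n", count_kind(sample, HASH_DES));
    return 0;
}
```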