From owner-freebsd-security Wed Sep 20 09:42:58 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id JAA19727 for security-outgoing; Wed, 20 Sep 1995 09:42:58 -0700 Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id JAA19722 for ; Wed, 20 Sep 1995 09:42:43 -0700 Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1]) by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id SAA04473 ; Wed, 20 Sep 1995 18:41:30 +0200 Received: from (uucp@localhost) by blaise.ibp.fr (8.6.12/jtpda-5.0) with UUCP id SAA09870 ; Wed, 20 Sep 1995 18:41:30 +0200 Received: (from roberto@localhost) by keltia.Freenix.FR (8.7/keltia-uucp-2.5) id JAA18979; Wed, 20 Sep 1995 09:20:51 +0200 (MET DST) From: Ollivier Robert Message-Id: <199509200720.JAA18979@keltia.Freenix.FR> Subject: Re: crack for freebsd To: mark@grondar.za (Mark Murray) Date: Wed, 20 Sep 1995 09:20:51 +0200 (MET DST) Cc: clary@s4.elec.uq.edu.au, freebsd-security@FreeBSD.org In-Reply-To: <199509200555.HAA03406@grumble.grondar.za> from "Mark Murray" at Sep 20, 95 07:55:38 am X-Operating-System: FreeBSD 2.2-CURRENT ctm#1085 X-Mailer: ELM [version 2.4 PL24 ME7a+] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.org Precedence: bulk It seems that Mark Murray said: > Any version of crack will work, as long as you link against FreeBSD's > -lcrypt. This libriary is a link to the current encryption scheme, so > upgrading libcrypt MD5 -> DES will be transparent to all apps (including > crack). Hmm, you'll have to deal with longer-than-2-characters salt and a much longer password. And the structure of the encrypted password is different (magic # and separators). Here is the code I used for my su-like tool (gives root priv. to some persons -- written in a list -- with the guy own password). #ifdef __FreeBSD__ /* cope with MD5 based crypt(3) */ if (!strncmp (calife->pw_passwd, "$1$", 3)) /* MD5 */ { char * pp = (char *) xalloc (1, strlen (calife->pw_passwd) + 1); char * md5_salt; char * md5_pass; strcpy (pp, calife->pw_passwd + 3); md5_salt = strtok (pp, "$"); md5_pass = strtok (NULL, "$"); if (md5_pass == NULL || md5_salt == NULL || (strlen (md5_salt) > 8)) /* garbled password */ { syslog (LOG_AUTH | LOG_ERR, "GARBLED PASSWORD %s to unknown %s on %s", name, user_to_be, tty); fprintf (stderr, "Bad password string.\n"); fflush (stderr); exit (8); } MESSAGE_1 ("MD5 password found, salt=%s\n", md5_salt); strcpy (salt, md5_salt); free (pp); } else { #endif /* !__FreeBSD__ */ strncpy (salt, calife->pw_passwd, 2); salt [2] = '\0'; #ifdef __FreeBSD__ } #endif /* __FreeBSD__ */ -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net FreeBSD keltia.Freenix.FR 2.2-CURRENT #1: Sun Sep 10 18:50:19 MET DST 1995