From owner-freebsd-security  Wed Sep 20 09:42:58 1995
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id JAA19727
          for security-outgoing; Wed, 20 Sep 1995 09:42:58 -0700
Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id JAA19722
          for <freebsd-security@FreeBSD.org>; Wed, 20 Sep 1995 09:42:43 -0700
Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1])
	by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id SAA04473
	; Wed, 20 Sep 1995 18:41:30 +0200
Received: from (uucp@localhost)
	by blaise.ibp.fr (8.6.12/jtpda-5.0) with UUCP id SAA09870
	; Wed, 20 Sep 1995 18:41:30 +0200
Received: (from roberto@localhost) by keltia.Freenix.FR (8.7/keltia-uucp-2.5) id JAA18979; Wed, 20 Sep 1995 09:20:51 +0200 (MET DST)
From: Ollivier Robert <roberto@keltia.Freenix.FR>
Message-Id: <199509200720.JAA18979@keltia.Freenix.FR>
Subject: Re: crack for freebsd
To: mark@grondar.za (Mark Murray)
Date: Wed, 20 Sep 1995 09:20:51 +0200 (MET DST)
Cc: clary@s4.elec.uq.edu.au, freebsd-security@FreeBSD.org
In-Reply-To: <199509200555.HAA03406@grumble.grondar.za> from "Mark Murray" at Sep 20, 95 07:55:38 am
X-Operating-System: FreeBSD 2.2-CURRENT ctm#1085
X-Mailer: ELM [version 2.4 PL24 ME7a+]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.org
Precedence: bulk

It seems that Mark Murray said:
> Any version of crack will work, as long as you link against FreeBSD's
> -lcrypt. This libriary is a link to the current encryption scheme, so
> upgrading libcrypt  MD5 -> DES will be transparent to all apps (including
> crack).

Hmm,  you'll have  to deal  with  longer-than-2-characters salt  and a much
longer password. And  the structure of  the encrypted password is different
(magic # and  separators). Here  is the  code  I used  for my  su-like tool
(gives root priv. to some persons -- written in a list  -- with the guy own
password).

#ifdef __FreeBSD__                  /* cope with MD5 based crypt(3) */
        if (!strncmp (calife->pw_passwd, "$1$", 3)) /* MD5 */
        {
            char * pp = (char *) xalloc (1, strlen (calife->pw_passwd) + 1);
            char * md5_salt;
            char * md5_pass;
            
            strcpy (pp, calife->pw_passwd + 3);
            md5_salt = strtok (pp, "$");
            md5_pass = strtok (NULL, "$");
            
            if (md5_pass == NULL || 
                md5_salt == NULL ||
                (strlen (md5_salt) > 8))   /* garbled password */
            {
                syslog (LOG_AUTH | LOG_ERR, "GARBLED PASSWORD %s to unknown %s on %s", name, user_to_be, tty);
                fprintf (stderr, "Bad password string.\n");
                fflush (stderr);
                exit (8);
            }
            MESSAGE_1 ("MD5 password found, salt=%s\n", md5_salt);
            strcpy (salt, md5_salt);            
            free (pp);
        }
        else
        {       
#endif /* !__FreeBSD__ */
            strncpy (salt, calife->pw_passwd, 2);
            salt [2] = '\0';
#ifdef __FreeBSD__
        }
#endif /* __FreeBSD__ */        

-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.frmug.fr.net
 FreeBSD keltia.Freenix.FR 2.2-CURRENT #1: Sun Sep 10 18:50:19 MET DST 1995