From owner-freebsd-security Tue Feb 18 06:45:05 1997
Return-Path:
Received: (from root@localhost)
        by freefall.freebsd.org (8.8.5/8.8.5) id GAA07459
        for security-outgoing; Tue, 18 Feb 1997 06:45:05 -0800 (PST)
Received: from ocean.campus.luth.se (ocean.campus.luth.se [130.240.194.116])
        by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA07438
        for ; Tue, 18 Feb 1997 06:44:54 -0800 (PST)
Received: (from karpen@localhost)
        by ocean.campus.luth.se (8.7.5/8.7.3) id PAA01193;
        Tue, 18 Feb 1997 15:46:01 +0100 (MET)
From: Mikael Karpberg
Message-Id: <199702181446.PAA01193@ocean.campus.luth.se>
Subject: Re: blowfish passwords in FreeBSD
To: mark@grondar.za (Mark Murray)
Date: Tue, 18 Feb 1997 15:46:01 +0100 (MET)
Cc: security@freebsd.org
In-Reply-To: <199702180616.IAA05643@grackle.grondar.za> from Mark Murray at "Feb 18, 97 08:16:25 am"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

According to Mark Murray:
> Mikael Karpberg wrote:

[... About how crypt should fail if it doesn't find the encryption lib...]

> > > > a string like "****************", which is not likely to match
> > > > anything, or simply return NULL.
> > >
> > > _*MAJOR*_ security hole. Do you want an algorithm that you can break in
> > > with straight away? This is it. The essence of crypt is that you are
> > > _*NOT*_ allowed to deduce the password from the output.
> >
> > Just a suggestion. Returning NULL may NOT be the brightest of ideas,
> > I guess.
> > That would just clear the way for some nice random segfaults. :-)
> > However, I don't see how returning something like "************" could in
> > any way result in a security hole. Crypt can not normally return such
>
> It provides a way of getting crypt to provide a given output given no
> knowledge of the input. Crypt's strength is its very _unpredictable_
> outputs, and the fact that you _cannot_ produce a given output by
> manipulating the inputs.

I must say, I have NO idea how you mean this. Either you are very confused,
or I am very confused. One of the two, and I don't know which. :-)

First of all, so what if crypt returns something predictable for a certain
input? Crypt's strength might be that you can't get the output you want by
tweaking the input, BUT... what has that got to do with it? The point is
that even if you know you can get crypt to return "************", it's
really not going to do you any good, is it? If you could, by just entering
a certain password, make crypt produce that string (and you couldn't. You
would need to also set the salt, etc, meaning you have to write a C program
to do it. And why bother comparing strings, then, when you can just
succeed?) it would do you no good at all, since login (or whatever program
you use for trying to hack root) would compare the output against the
password in the /etc/master.passwd file, and that will never _be_
"***********", so you will never get a match anyway, and failing a match,
login will be refused. Where did I err in thinking this (if I did)?

Second, after some "research" (actually reading the manpage for crypt) I
found this in crypt's manpage:

  "The function crypt() returns a pointer to the encrypted value on success
   and NULL on failure."

Note: Or NULL on failure. I didn't think it could return that. That changes
things; it _is_ TRT to return NULL if you don't find the lib for a chosen
encryption. So that should be the end of that. :-)

> > a string, or can it? I may be wrong, but I've always been taught to put an
> > asterisk first in people's passwords to keep them from logging in. Well,
> > I just put one asterisk there, not a whole bunch. So it can't match that.
> > And if you import a passwd entry with an unknown encryption name, then
> > crypt will just return "**************", which will not match the hashed
> > password for that entry, and therefore the person simply can not log in.
>
> No, but someone just has to crash crypt() in the same way to get the same
> output. Bingo! they are in.

How do you crash crypt? And what do you gain from making it return
"**********" when that will never match anything? Hmmm....

> > At least not until you install that encryption. Then people change their
> > password with "passwd", you could just use the crypt protocol chosen in
> > /etc/crypt/conf (or whatever it would be called). Did I miss something?
>
> Yup!

I don't think so... Or I'm dumb enough not to notice. :-)

  /Mikael
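
The caller-side check this thread turns on, as an added example that is not part of the original message or of FreeBSD's code: a verifier that treats both failure conventions discussed above (a NULL return and a "****..." sentinel) as a refused login. The names `hash_fn`, `check_password` and the three stand-in hash functions are hypothetical, and the `$x$...` strings are constructed sample values so the block runs without libcrypt.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical hook with the shape of crypt(3): returns the hash string,
 * or NULL / a "*..." sentinel when the requested algorithm is unavailable. */
typedef const char *(*hash_fn)(const char *key, const char *setting);

/* Compare without stopping at the first differing byte. */
static int same_string(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 only on a positive match; every failure path returns 0. */
int check_password(hash_fn hash, const char *typed, const char *stored)
{
    const char *out;

    if (hash == NULL || typed == NULL || stored == NULL)
        return 0;
    /* Policy of this example: empty or '*'-prefixed entries are locked. */
    if (stored[0] == '\0' || stored[0] == '*')
        return 0;
    out = hash(typed, stored);
    if (out == NULL)        /* manpage: NULL on failure; never compare it */
        return 0;
    if (out[0] == '*')      /* sentinel such as "****************" */
        return 0;
    return same_string(out, stored);
}

/* Constructed stand-ins for crypt(): library missing (NULL), library
 * missing (sentinel), and a toy hash that knows one password. */
const char *hash_missing_null(const char *k, const char *s)
{ (void)k; (void)s; return NULL; }
const char *hash_missing_stars(const char *k, const char *s)
{ (void)k; (void)s; return "****************"; }
const char *hash_toy(const char *k, const char *s)
{ (void)s; return strcmp(k, "hunter2") == 0 ? "$x$constructed-hash" : "$x$other-hash"; }
```

Because a stored entry beginning with `*` is rejected before the hash is ever called, a sentinel output can never equal a stored value, whichever side of the comparison it appears on.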