Date: Mon, 11 Mar 1996 12:56:36 -0800 (PST) From: -Vince- <vince@apollo.COSC.GOV> To: Dmitry Kohmanyuk <dk@snark.ukma.kiev.ua> Cc: sia@jriver.com, sia@nest.org, bag@ua.net, freebsd-hackers@FreeBSD.org, stesin@elvisti.kiev.ua Subject: Re: libcrypt patch to allow mixed DES/MD5 passwords Message-ID: <Pine.BSF.3.91.960311125607.335B-100000@apollo.COSC.GOV> In-Reply-To: <199603111747.TAA17678@snark.ukma.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 11 Mar 1996, Dmitry Kohmanyuk wrote: Is there anyway to make a system with DES passwords back into a MD5 system? Cheers, -Vince- vince@COSC.GOV - GUS Mailing Lists Admin - http://www.COSC.GOV/~vince UC Berkeley AstroPhysics - Electrical Engineering (Honorary B.S.) Chabot Observatory & Science Center - Board of Advisors Running FreeBSD - Real UN*X for Free! Linda Wong/Vivian Chow/Hacken Lee/Danny Chan/Priscilla Chan Fan Club Mailing Lists Admin > Hi hackers, > > Following are 2 patches for descrypt which make it fallback to > md5 crypt if the salt begins with a '$'. > > the patches are against 2.1-RELEASE lib and secure distributions; > they are relative to $src/lib/libcrypt and $src/secure/lib/libcrypt > sorry for broken $Id$s; you can always fix the patch by hand. > > you need to remove old /usr/lib/libcrypt* symlinks and do a `make install' > in secure/lib/libcrypt > > you need to rebuild init (in secure) afterwards or otherwise you wouldn't be able > to login to secure console in single-user if you change the password > to DES-encrypted. > > I have noticed that xdm stopped working; I hope to fix that soon. > > I am running these patches since February 24th on our 7-machine LAN > (FreeBSD as NIS server, Solaris and Linux as NIS clients, diskless > FreeBSD 4Mb boxes as X terminals) with no problems apart from xdm > I've mentioned. > > You can't use MD5 passwords on other systems until you patch theirs > libc, obvious. And even after that you can't fix all the static buffers. > > All new passwords would be DES-encrypted unless you change passwd(1) > or yppasswd(1) (same on FreeBSD, other program on other systems) > to make '$1$text' to be your salt. > > It was just very helpful to merge 2 password databases without causing > half of users to change their passwords. > > please feedback to me directly since I don't read -hackers after > my home disk crash. > > cheers, > Dmitry. > > lib-libcrypt.diff > secure-libcrypt.diff > > diff -ru lib/libcrypt/crypt.c ./crypt.c > --- lib/libcrypt/crypt.c Tue May 30 08:42:22 1995 > +++ ./crypt.c Mon Mar 11 18:04:50 1996 > @@ -40,7 +40,11 @@ > */ > > char * > +#ifdef SCRYPT > +scrypt(pw, salt) > +#else > crypt(pw, salt) > +#endif > register const char *pw; > register const char *salt; > { > > > diff -ru secure/lib/libcrypt/Makefile ./Makefile > --- secure/lib/libcrypt/Makefile Sat Aug 27 02:31:11 1994 > +++ ./Makefile Mon Mar 11 18:25:39 1996 > @@ -1,5 +1,5 @@ > # > -# $Id: Makefile,v 1.7 1994/08/26 23:31:11 wollman Exp $ > +# $Id: Makefile,v 1.1 1996/02/24 15:54:31 dk Exp dk $ > # > > LCRYPTBASE= libcrypt > @@ -9,8 +9,10 @@ > LDCRYPTBASE= libdescrypt > LDCRYPTSO= $(LDCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR) > > +.PATH: ${.CURDIR}/../../../lib/libmd > LIB= descrypt > -SRCS= crypt.c > +SRCS= crypt.c scrypt.c md5c.c > +CFLAGS+= -I${.CURDIR}/../../../libmd -DSCRYPT > PRECIOUSLIB= yes > > #MAN3= crypt.3 > @@ -22,6 +24,9 @@ > > test: > cd test ; make test ; make clean > + > +scrypt.c: > + ln -s ${.CURDIR}/../../../lib/libcrypt/crypt.c scrypt.c > > > .include <bsd.lib.mk> > diff -ru secure/lib/libcrypt/crypt.c ./crypt.c > --- secure/lib/libcrypt/crypt.c Tue May 30 09:11:46 1995 > +++ ./crypt.c Sat Feb 24 18:11:53 1996 > @@ -32,7 +32,7 @@ > * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > * SUCH DAMAGE. > * > - * $Id: crypt.c,v 1.6 1995/05/30 06:11:46 rgrimes Exp $ > + * $Id: crypt.c,v 1.1 1996/02/24 16:06:00 dk Exp dk $ > * > * This is an original implementation of the DES and the crypt(3) interfaces > * by David Burren <davidb@werj.com.au>. > @@ -63,6 +63,10 @@ > # include <stdio.h> > #endif > > +#ifdef SCRYPT > +extern char *scrypt(char *, char *); > +#endif > + > /* We can't always assume gcc */ > #ifdef __GNUC__ > #define INLINE inline > @@ -588,6 +592,11 @@ > u_long count, salt, l, r0, r1, keybuf[2]; > u_char *p, *q; > static u_char output[21]; > + > +#ifdef SCRYPT > + if (setting[0] == '$') > + return(scrypt(key, setting)); > +#endif > > if (!des_initialised) > des_init(); > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960311125607.335B-100000>