Date: Sat, 5 Jan 2002 17:45:39 -0500 From: Bill Vermillion <bv@wjv.com> To: security@FreeBSD.ORG Subject: Re: MS5 salt password generation Message-ID: <20020105224539.GA38820@wjv.com> In-Reply-To: <bulk.36736.20020105131821@hub.freebsd.org> References: <bulk.36736.20020105131821@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Date: Sat, 5 Jan 2002 19:39:39 +0000 > From: Rik <freebsd-security@rikrose.net> > Subject: Re: MS5 password salt calculation > > I've been thinking about this Modulær Crypt Format, and wondering what > it's capable of, and where the docs are for it... > > On Sun, Dec 30, 2001 at 01:38:54AM -0500, Bill Vermillion wrote: > > You can't say that $1$ 'caught on' as that's the way it is defined > > to indicate what follows. The $1$ indicates the following is an MD5. > > I was looking for the docs the other day, and from memory if the > > first characters are $5$, then that indicates that the following > > string would be blowfish encryption. You should also not that the > > next $ is the salt separator, and on my system there are typically 8 > > digits after $1$ and before the next $, for 2trillion+ salts. > > I've mailed Bill, and he doesn't know of any *good* docs about it. The > best I've found is man 3 crypt, and the best Google can find is more > copies of man 3 crypt, usually out of date. > Are there any better docs about Modular Crypt Format (to give it the > proper title). > The man page says: If the salt begins with the string $digit$ > then the Modular Crypt Format is used. The digit represents which > algorithm is used in encryption. > But in what way does it represent it? Is there a lookup table > somewhere? If so, where? The "currently supported algorithms list" > on the man page says $1$ == MD5 and $2$ == Blowfish. Assuming > blowfish works, then if I ran perl -le 'print crypt( "meow", > "\$2\$SALT" )' ought to yield a blowfish crypted password, > shouldn't it? It doesn't, AFAICS. I had thought I had remember that $5$ was blowfish. That may have been in some docs a friend sent me now that I think about it, and you are correct that blowish is the $2$. I don't know enough about what you are doing to tell you if you are right or not - but I changed the encryption on my system for each of the methods and changed passwords to generate a new pw. This is what I get From my master.passwd file I get this for an account called fp DES encrypted: fp:i6v76dyNQzwjA:1007:1007::0:0:Bogus Name:/home/fp:/bin/ksh93 Blowfish encrypted: fp:$2a$04$.d4.6FZpPIj9GC6DRIRDUuJhPWGP059OmLP2IxSgTQ11LWHVGxxbu:1007:1007::0:0:Bogus Name:/home/fp:/bin/ksh93 And MD5 encrypted: fp:$1$cdTdrg6t$mk4TW.xk15XFoygp1S3UQ1:1007:1007::0:0:Bogus Name:/home/fp:/bin/ksh93 So the Blowfish has a $2a$ Actually a single $ is the delimeter. So the blf is 2a, and MD5 is 1. If the password string starts with $ the data up to the next is the type of encryption, and the data to the next is salt, and you know the lenght of the salt from the number of characters between the two $. Then the remainging string up the the : is the encrypted password. So MD5 uses a much larger salt, but blowish generates a much long encrypted key, 52 vs 22. I have no docs but >if< the salt is only 2 characters in blowfish - assuming it works as does MD5 - the even with the longer encrypted key you could easily encode a dictionary with 4096 keys in a reasonable lenght of time vs one with 2+ trillion. Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020105224539.GA38820>