[Tiger-devel] gen_passwd_sets and MD5 passwords for Linux
From: Nicolas François
Subject: [Tiger-devel] gen_passwd_sets and MD5 passwords for Linux
Date: Sat, 28 Jun 2003 22:55:53 +0200
User-agent: Mutt/1.5.4i
Hello,
In the 'zappasswd' function of 'systems/Linux/2/gen_passwd_sets', MD5
passwords are recognized by this case pattern:
# For MD5 passwds (35 chars) starting with $1$ (Linux)
\$1\$[a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/][a-zA-Z0-9\.$/])
(the magic "$1$" and 32 times a char from [a-zA-Z0-9\.$/])
For gen_passwd_sets revisions prior to 1.4, the case pattern contained
only 34 chars, but the comment "# For MD5 passwds (35 chars) starting with
$1$ (Linux)" comes from the initial revision.
AFAIK, MD5 passwds are only 34 chars. (This is the case for all the Linux
/etc/shadow files I checked.)
According to man crypt:
    GNU EXTENSION
    The glibc2 version of this function has the following additional
    features. If salt is a character string starting with the three
    characters "$1$" followed by at most eight characters, and optionally
    terminated by "$", then instead of using the DES machine, the glibc crypt
    function uses an MD5-based algorithm, and outputs up to 34 bytes,
    namely "$1$<string>$", where "<string>" stands for the up to 8
    characters following "$1$" in the salt, followed by 22 bytes chosen from the
    set [a-zA-Z0-9./]. The entire key is significant here (instead of only
    the first 8 bytes).
Does this mean that the encrypted password can be less than 34 chars?
Should the "\$1\$[a-zA-Z0-9./]{0,8}\$[a-zA-Z0-9./]{22}" regex be
used?
By the way, does anybody know how to use a shorter bash case pattern?
(I'm dreaming of something like '\$1\$[a-zA-Z0-9./]{31}').
hth
--
Nekral
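
Added example (not part of the original post or of Tiger's code): a POSIX shell check for the "$1$" format as described in the crypt man page excerpt quoted above. Since case patterns have no repetition counts, it splits the field with parameter expansion and tests salt length, hash length and character set separately; the function name `is_md5_crypt` and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Format assumed from the quoted man page text:
#   "$1$" + salt (0..8 chars) + "$" + 22 chars, all from [a-zA-Z0-9./]
LC_ALL=C; export LC_ALL   # keep a-z / A-Z ranges ASCII-only in patterns

# is_md5_crypt FIELD -> returns 0 if FIELD is a well-formed $1$ hash.
# Note: POSIX sh has no 'local'; md5_* variables are global scratch space.
is_md5_crypt() {
    case $1 in
        '$1$'*) ;;                 # must start with the magic
        *) return 1 ;;
    esac
    md5_rest=${1#'$1$'}            # strip the magic
    case $md5_rest in
        *'$'*) ;;                  # need the "$" that ends the salt
        *) return 1 ;;
    esac
    md5_salt=${md5_rest%%'$'*}     # text before the first "$"
    md5_hash=${md5_rest#*'$'}      # text after the first "$"
    [ "${#md5_salt}" -le 8 ]  || return 1
    [ "${#md5_hash}" -eq 22 ] || return 1
    case $md5_salt$md5_hash in
        *[!a-zA-Z0-9./]*) return 1 ;;   # stray char, including a second "$"
    esac
    return 0
}

# Constructed sample fields (not real password hashes).
h22=ABCDEFGHIJKLMNOPQRSTUV         # 22 placeholder characters
for f in \
    '$1$abcdefgh$'"$h22" \
    '$1$ab$'"$h22" \
    '$1$$'"$h22" \
    '$1$abcdefghi$'"$h22" \
    '$1$abcdefgh$'"${h22}W" \
    '$1$abcdefgh$ABCDEFGHIJKLMNOPQRST$V' \
    'abJnggxhB/yWI'
do
    if is_md5_crypt "$f"; then r=md5; else r=other; fi
    printf '%-6s len=%-2s %s\n' "$r" "${#f}" "$f"
done
```

With an 8-character salt the accepted field is 34 characters long; shorter salts give shorter fields, down to 26 characters for an empty salt.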