crypt and passwords
Derek Martin
invalid at pizzashack.org
Fri Aug 22 18:30:02 EDT 2003
On Fri, Aug 22, 2003 at 04:54:29PM -0400, David Kramer wrote:
> I pass them on the command line so I can play with it until I see it work.
>
>
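> #define _XOPEN_SOURCE
> #include <stdio.h>
> #include <unistd.h>
>
> int main(int argc, char* argv[])
> {
>     char* encrypted;
>
>     /* both arguments are required before calling crypt() */
>     if(argc<3)
>     {
>         printf("usage: %s <arg1> <arg2>\n",argv[0]);
>         return 1;
>     }
>
>     /* crypt() returns NULL on failure */
>     encrypted=crypt(argv[1],argv[2]);
>
>     if(encrypted)
>     {
>         printf("crypt(%s,%s)='%s'\n",argv[1],argv[2],encrypted);
>     }
>     else
>     {
>         printf("crypt failed.\n");
>     }
>
>     return 0;
> }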

Code is pretty straightforward.  Though your coding style... well,
reminds me of a great quote from Linus:

    First off, I'd suggest printing out a copy of the GNU coding
    standards, and NOT read it.  Burn them, it's a great symbolic
    gesture.

<grin>

[See /usr/src/linux*/Documentation/CodingStyle]

> Note: This is a MODIFIED version of my encrypted password, but I
> used the real thing:
Reasonable enough.
> [david at uni crypt]$ sudo grep david /etc/shadow
> david:$1$FOOWOmC8$FOOldOczYfmtvz5PsXyY5/:12023:0:99999:7:::
>
> [david at uni crypt]$ ./cryptprint '$1$FOOWOmC8$' 'FOOldOczYfmtvz5PsXyY5/'
> crypt($1$FOOWOmC8$,FOOldOczYfmtvz5PsXyY5/)='bmSTpBK8h2lrE'
>
> [david at uni crypt]$ ./cryptprint '$1$FOOWOmC8$' 'myrealpassword'
> crypt($1$xTxWOmC8$,myrealpassword)='FOO/XEaUQQYMU'
>
> What comes out doesn't seem to match anything.

I see two problems.

1. You are passing the salt and the key in the wrong order.
2. At least in the first case, you seem to want it to spit out the
   unencrypted password.  That's not possible.  It's a one-way hash
   function.

NAME
       crypt - password and data encryption

SYNOPSIS
       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

DESCRIPTION
       crypt is the password encryption function.  It is based on
       the Data Encryption Standard algorithm with variations
       intended (among other things) to discourage use of hardware
       implementations of a key search.

       key is a user's typed password.

So, if you instead try this:

  $ ./cryptprint 'myrealpassword' '$1$FOOWOmC8$'

...you should get something that matches the encrypted password in
your passwd file entry.  Hopefully.  ;-)

If you don't, I'll note that the feature you're relying on is a GNU
extension.  You might try not #define-ing _XOPEN_SOURCE, and see if
that makes a difference.  You might even #define _GNU_SOURCE instead.
I doubt either will matter much though.  I'm too lazy to look in the
include files to see if that does anything useful...

I think I had one other comment, but if I did, it seems to have run
away.  Sigh.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.
Replying to it will result in undeliverable mail.
Sorry for the inconvenience. Thank the spammers.
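
Added example, not part of the original message or of either poster's code: a small C program that checks a typed password against an MD5-style ($1$) shadow hash by re-hashing it with the stored salt, key first and salt second, and comparing the result to the stored string. The helper names md5_setting and check_password, the weak declaration of crypt, and the sample input (the modified hash quoted in the thread) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Prototype as in crypt(3): key (typed password) first, salt second.
   Marked weak (a choice made for this example) so the file still links
   without -lcrypt; build with -lcrypt to get real hashing. */
extern char *crypt(const char *key, const char *salt);
#pragma weak crypt

/* Copy the "$1$salt$" prefix of a stored MD5-crypt hash into out.
   Returns 0, or -1 if stored is not "$1$salt$hash" or out is too small. */
int md5_setting(const char *stored, char *out, size_t outlen)
{
    const char *end;
    size_t n;
    if (strncmp(stored, "$1$", 3) != 0 || !(end = strchr(stored + 3, '$')))
        return -1;
    n = (size_t)(end - stored) + 1;        /* keep the closing '$' */
    if (n >= outlen)
        return -1;
    memcpy(out, stored, n);
    out[n] = '\0';
    return 0;
}

/* 1 = password matches, 0 = no match, -1 = could not check. */
int check_password(const char *typed, const char *stored)
{
    char setting[64], *h;
    if (!crypt || md5_setting(stored, setting, sizeof setting) != 0)
        return -1;
    h = crypt(typed, setting);             /* key first, then salt */
    if (h == NULL || h[0] == '*')          /* NULL or "*" token = failure */
        return -1;
    return strcmp(h, stored) == 0;         /* the hash is never reversed */
}

int main(void)
{
    /* Constructed input: the modified hash from the thread. */
    printf("%d\n", check_password("myrealpassword",
                                  "$1$FOOWOmC8$FOOldOczYfmtvz5PsXyY5/"));
    return 0;
}
```

Passing the whole stored hash as the salt argument also works, since crypt reads only the prefix it needs.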