I'm curious about how the hash in /etc/passwd is generated.
I know it's SHA512 based, since the 2nd field starts with $6$. But the characters that follow aren't a SHA512 hash. It looks like it was run through base64.
I read this: http://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/ But Fedora doesn't have mkpasswd by default, whereas passwd seems to only update shadow rather than outputting to stdout. And if there's a salt used I can't tell how that would be referenced.
Thanks,
On 02/21/2015 06:07 PM, Chris Murphy wrote:
> I'm curious about how the hash in /etc/passwd is generated.
> I know it's SHA512 based, since the 2nd field starts with $6$. But the characters that follow aren't a SHA512 hash. It looks like it was run through base64.
> I read this: http://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/ But Fedora doesn't have mkpasswd by default, whereas passwd seems to only update shadow rather than outputting to stdout. And if there's a salt used I can't tell how that would be referenced.
> Thanks,
Why not just download http://mirrors.kernel.org/fedora/releases/21/Everything/source/SRPMS/p/asswd...
and read the source code :) There are macros you will need to look at as well
On Sat, Feb 21, 2015 at 6:32 PM, jd1008 <jd1008@gmail.com> wrote:
> Why not just download http://mirrors.kernel.org/fedora/releases/21/Everything/source/SRPMS/p/asswd... and read the source code :) There are macros you will need to look at as well
I've already looked at passwd.c before asking.
On Sat, Feb 21, 2015 at 06:07:18PM -0700, Chris Murphy wrote:
> I read this: http://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/ But Fedora doesn't have mkpasswd by default, whereas passwd seems to only update shadow rather than outputting to stdout. And if there's a salt used I can't tell how that would be referenced.
It's generated by the crypt function in glibc — man 3 crypt, and scroll down to the "Glibc notes" section. Although I didn't dig further, that says that the characters in the resulting string are drawn from the set [a-zA-Z0-9./]; I assume that it's the same number as would be found in a sha512sum hash, except mapped to that instead of represented as a long hexadecimal number. (If you do want to dig further, I suppose sha512-crypt.c is the place to look.)
If you want to generate such a string yourself, using the crypt function seems like the easiest way (of course using the python crypt module or whatever).
On Sat, Feb 21, 2015 at 11:58 PM, Matthew Miller <mattdm@fedoraproject.org> wrote:
> On Sat, Feb 21, 2015 at 06:07:18PM -0700, Chris Murphy wrote:
>> I read this: http://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/ But Fedora doesn't have mkpasswd by default, whereas passwd seems to only update shadow rather than outputting to stdout. And if there's a salt used I can't tell how that would be referenced.
> It's generated by the crypt function in glibc — man 3 crypt, and scroll down to the "Glibc notes" section. Although I didn't dig further, that says that the characters in the resulting string are drawn from the set [a-zA-Z0-9./]; I assume that it's the same number as would be found in a sha512sum hash, except mapped to that instead of represented as a long hexadecimal number. (If you do want to dig further, I suppose sha512-crypt.c is the place to look.)
> If you want to generate such a string yourself, using the crypt function seems like the easiest way (of course using the python crypt module or whatever).
That's it. Thanks!
So there is a salt listed in /etc/shadow, and 5000 rounds of SHA512 are used by default according to sha512-crypt.c. The number of rounds can be changed in /etc/pam.d/passwd.
Curiously, Anaconda calls authconfig to create the key, and the resulting shadow entry contains a 16 character salt. Whereas passwd uses an 8 character salt.
Hi,
On 02/22/2015 01:23 PM, Chris Murphy wrote:
> On Sat, Feb 21, 2015 at 11:58 PM, Matthew Miller <mattdm@fedoraproject.org> wrote:
>> On Sat, Feb 21, 2015 at 06:07:18PM -0700, Chris Murphy wrote:
>>> I read this: http://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/ But Fedora doesn't have mkpasswd by default, whereas passwd seems to only update shadow rather than outputting to stdout. And if there's a salt used I can't tell how that would be referenced.
>> It's generated by the crypt function in glibc — man 3 crypt, and scroll down to the "Glibc notes" section. Although I didn't dig further, that says that the characters in the resulting string are drawn from the set [a-zA-Z0-9./]; I assume that it's the same number as would be found in a sha512sum hash, except mapped to that instead of represented as a long hexadecimal number. (If you do want to dig further, I suppose sha512-crypt.c is the place to look.)
>> If you want to generate such a string yourself, using the crypt function seems like the easiest way (of course using the python crypt module or whatever).
> That's it. Thanks!
> So there is a salt listed in /etc/shadow, and 5000 rounds of SHA512 are used by default according to sha512-crypt.c. The number of rounds can be changed in /etc/pam.d/passwd.
> Curiously, Anaconda calls authconfig to create the key, and the resulting shadow entry contains a 16 character salt. Whereas passwd uses an 8 character salt.
Do you happen to know if there's a pre-built version of John-the-Ripper or another password testing program that's available and works with these new passwords?
Thanks, Alex
On Sun, Feb 22, 2015 at 5:01 PM, Alex Regan <mysqlstudent@gmail.com> wrote:
> Do you happen to know if there's a pre-built version of John-the-Ripper or another password testing program that's available and works with these new passwords?
I don't know that this is all that new. It's also self-describing: the /etc/shadow entry contains the 8 or 16 character salt, so whatever's doing the password+salt+SHA512rounds work knows from /etc/shadow what to do. And if rounds= is used in /etc/pam.d/passwd, the next time you use passwd, it writes out $rounds=x$ in the 2nd field in /etc/shadow, so that too is self-describing. I'd expect that jtr can directly parse these variants in /etc/passwd, but I haven't tested it.
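Added example, not code from this thread or from glibc: a pure-Python reimplementation of the glibc SHA-512 crypt scheme Matthew points to (sha512-crypt.c), together with a parser for the self-describing `$6$[rounds=N$]salt$hash` field Chris describes, so a hash can be regenerated and checked from the salt and rounds stored in /etc/shadow. Function and variable names are my own; the known-answer value it is checked against is the first test vector published with Drepper's SHA-crypt specification and glibc's test suite, and the parser assumes, as glibc does, that the stored salt is at most 16 characters.

```python
import hashlib
import hmac
import re

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"  # crypt(3) alphabet, glibc order
SHADOW_RE = re.compile(r"\$6\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]{86})")
def _encode(d):
    """Permute the 64 digest bytes the way glibc does and emit 86 base64 chars."""
    out = []
    for k in range(21):  # 21 groups of 3 bytes, then byte 63 alone
        idx = [k, k + 21, k + 42]
        idx = idx[k % 3:] + idx[:k % 3]  # this rotation reproduces glibc's b64_from_24bit order
        w = (d[idx[0]] << 16) | (d[idx[1]] << 8) | d[idx[2]]
        for _ in range(4):
            out.append(B64[w & 0x3F]); w >>= 6
    out += [B64[d[63] & 0x3F], B64[d[63] >> 6]]
    return "".join(out)
def sha512_crypt(password, salt, rounds=5000):
    """SHA-512 crypt as in glibc's sha512-crypt.c; returns the full $6$ string."""
    pw, sl = password.encode(), salt.encode()[:16]  # glibc uses at most 16 salt bytes
    rounds = min(max(rounds, 1000), 999_999_999)  # glibc clamps rounds to this range
    b = hashlib.sha512(pw + sl + pw).digest()  # digest B = H(pw|salt|pw)
    a = hashlib.sha512(pw + sl)  # digest A: pw|salt, one byte of B per password byte, ...
    a.update(b * (len(pw) // 64) + b[:len(pw) % 64])
    n = len(pw)
    while n:  # ... then B or pw for each bit of len(pw), low bit first
        a.update(b if n & 1 else pw); n >>= 1
    a = a.digest()
    dp = hashlib.sha512(pw * len(pw)).digest()
    p = (dp * (len(pw) // 64 + 1))[:len(pw)]  # P = DP stretched to len(pw)
    ds = hashlib.sha512(sl * (16 + a[0])).digest()
    s = (ds * (len(sl) // 64 + 1))[:len(sl)]  # S = DS stretched to len(salt)
    for i in range(rounds):  # the cost loop: 5000 rounds by default
        c = hashlib.sha512(p if i & 1 else a)
        if i % 3: c.update(s)
        if i % 7: c.update(p)
        c.update(a if i & 1 else p)
        a = c.digest()
    prefix = "$6$" + (f"rounds={rounds}$" if rounds != 5000 else "")
    return prefix + sl.decode() + "$" + _encode(a)
def parse_shadow_field(field):
    """Split a $6$ field into (rounds, salt, encoded digest); the entry is self-describing."""
    m = SHADOW_RE.fullmatch(field)
    if not m: raise ValueError("not a SHA-512 crypt field")
    return int(m.group(1) or 5000), m.group(2), m.group(3)

def verify(password, field):
    """Recompute with the stored salt and rounds; compare digests in constant time."""
    rounds, salt, digest = parse_shadow_field(field)
    return hmac.compare_digest(sha512_crypt(password, salt, rounds).rsplit("$", 1)[1], digest)
```

The output can be compared byte for byte with what `crypt(3)` returns for the same password and `$6$salt` setting on a glibc system.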
On Sun, Feb 22, 2015 at 11:23:45AM -0700, Chris Murphy wrote:
> Curiously, Anaconda calls authconfig to create the key, and the resulting shadow entry contains a 16 character salt. Whereas passwd uses an 8 character salt.
Huh, that is curious. I assume we really want to be using the 16-char salt everywhere -- bug against passwd, I guess.
On Sun, Feb 22, 2015 at 10:36 PM, Matthew Miller <mattdm@fedoraproject.org> wrote:
> On Sun, Feb 22, 2015 at 11:23:45AM -0700, Chris Murphy wrote:
>> Curiously, Anaconda calls authconfig to create the key, and the resulting shadow entry contains a 16 character salt. Whereas passwd uses an 8 character salt.
> Huh, that is curious. I assume we really want to be using the 16-char salt everywhere -- bug against passwd, I guess.
https://bugzilla.redhat.com/show_bug.cgi?id=1195110
I've also mentioned it on security@ list.