Re: Creating Encrypted Passwords

Mon, 24 Sep 2001 08:05:15 -0700 

Ian Marchak wrote:
% Quoting Kurt Wall <[EMAIL PROTECTED]>:
% 
% > Hi, list,
% > 
% > Anyone out there know of a way on a stock Red Hat (or other) system to
% > generate MD5-compatible encrypted passwords for use with useradd
% > (see useradd -p)? I've hacked up a little program to call crypt(3),
% > but would prefer to use MD5 passwords.
% 
% You couldn't use htpasswd from apache to do this could you?  It has a '-m' 
% switch to force md5 encryption.  

I gave it a whirl and, no, I can't. htpasswd uses a modified version
of the MD5 algorithm that appears to be incompatible with the MD5
generator RH uses. Moreover, htpasswd generates 38-character
passwords and the MD5 generator used by RH spits out 35-character
passwords. Here's the process I used:

[root]# useradd -p $(htpasswd -bnm luser password | cut -f2 -d:) luser
[root]# grep luser /etc/shadow
luser:$apr1$UMb2....$ia9UPVUuRntwqKaqTyWow0:11589:0:99999:7:::

Account creation succeeded. Login failed:

[kwall]$ su - luser
Password: [typed "password"]
su: incorrect password

Now, after deleting luser, I used useradd and passwd to create the
same account with the same password:

[root]# useradd luser
[root]# useradd luser
[root]# passwd luser
Changing password for user luser
New password: [typed "password"]
BAD PASSWORD: it is based on a dictionary word
Retype new password: [typed "password"]
passwd: all authentication tokens updated successfully
[root]# grep luser /etc/shadow
luser:$1$Sg6YzLZH$2mmXmlZgRSC2l28cNTcSs0:11589:0:99999:7:::

Account creation succeeded. Login succeeded, too:

[kwall]$ su - luser
Password: [typed "password"]
[luser]$ 

Note the different lengths and the rather different characteristics of
the /etc/shadow entries.

htpasswd:  $apr1$UMb2....$ia9UPVUuRntwqKaqTyWow0
RH passwd: $1$Sg6YzLZH$2mmXmlZgRSC2l28cNTcSs0

Oh, well. Thanks just the same. Oh, and for you script kiddies out
there, this account doesn't exist, so don't even bother.

Blessed be,

Kurt
-- 
The bug stops here.
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc 
->http://linux.nf/mailman/listinfo/linux-users

Reply via email to