Re: Storing of salt in freeradius
Hi Fajar, How did you generate that hash? md5sum of testpass doesn't return that value for me. On 19-Jan-2011, at 3:07 PM, Fajar A. Nugraha wrote: On Wed, Jan 19, 2011 at 12:39 PM, Mark m...@edgewire.sg wrote: Hi folks, Been trying to look for information on this but haven't been able to find anything, prompting me to turn to the mailing list for help. In the event of using salted md5 hashes for passwords, where exactly does one store the salt? In the beginning of the password. There doesn't seem to be a place within the FR config to do that. Any advice would be much appreciated. No special place needed. You're probably confusing MD5-Password and Crypt-Password (which in turn can use MD5 hash). For example, if you use PAP, these three attributes will allow access when user enter password testpass: Cleartext-Password := testpass MD5-Password := 179ad45c6ce2cb97cf1029e212046e81 Crypt-Password := $1$12345678$duTc/02K9TK/XCYFyofbZ/ Crypt-Password := 122U0BPYjrauc MD5-Password does not have any salt. Crypt-Password in the first example has the salt $1$12345678$, with MD5-based hash (crypted passwords have the hash in front of them, which for MD5 starts with $1$ and is 12 characters long) Crypt-Password in the second example has the salt 12, with DES-based hash See also: http://freeradius.org/radiusd/man/rlm_pap.txt http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme http://id.php.net/manual/en/function.crypt.php -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Kind regards, Mark - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Storing of salt in freeradius
Nevermind this, found the solution. http://blog.sam-pointer.com/2010/01/26/md5sum-vs-phps-md5-function Thanks all. On 19-Jan-2011, at 3:07 PM, Fajar A. Nugraha wrote: On Wed, Jan 19, 2011 at 12:39 PM, Mark m...@edgewire.sg wrote: Hi folks, Been trying to look for information on this but haven't been able to find anything, prompting me to turn to the mailing list for help. In the event of using salted md5 hashes for passwords, where exactly does one store the salt? In the beginning of the password. There doesn't seem to be a place within the FR config to do that. Any advice would be much appreciated. No special place needed. You're probably confusing MD5-Password and Crypt-Password (which in turn can use MD5 hash). For example, if you use PAP, these three attributes will allow access when user enter password testpass: Cleartext-Password := testpass MD5-Password := 179ad45c6ce2cb97cf1029e212046e81 Crypt-Password := $1$12345678$duTc/02K9TK/XCYFyofbZ/ Crypt-Password := 122U0BPYjrauc MD5-Password does not have any salt. Crypt-Password in the first example has the salt $1$12345678$, with MD5-based hash (crypted passwords have the hash in front of them, which for MD5 starts with $1$ and is 12 characters long) Crypt-Password in the second example has the salt 12, with DES-based hash See also: http://freeradius.org/radiusd/man/rlm_pap.txt http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme http://id.php.net/manual/en/function.crypt.php -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Kind regards, Mark - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Storing of salt in freeradius
On Wed, Jan 19, 2011 at 4:05 PM, Mark m...@edgewire.sg wrote: Hi Fajar, How did you generate that hash? md5sum of testpass doesn't return that value for me. the MD5-password? Probably due to new line effect. I created it using php's md5 function (http://php.net/manual/en/function.md5.php) $ echo ?=md5('testpass');?|php;echo 179ad45c6ce2cb97cf1029e212046e81 $ echo -n testpass | md5sum 179ad45c6ce2cb97cf1029e212046e81 - $ echo testpass | md5sum 0ba06b1790d48b9baf71162124a04685 - mysql select md5('testpass'); +--+ | md5('testpass') | +--+ | 179ad45c6ce2cb97cf1029e212046e81 | +--+ 1 row in set (0.14 sec) See the difference between second and third example? -- Fajar On 19-Jan-2011, at 3:07 PM, Fajar A. Nugraha wrote: On Wed, Jan 19, 2011 at 12:39 PM, Mark m...@edgewire.sg wrote: Hi folks, Been trying to look for information on this but haven't been able to find anything, prompting me to turn to the mailing list for help. In the event of using salted md5 hashes for passwords, where exactly does one store the salt? In the beginning of the password. There doesn't seem to be a place within the FR config to do that. Any advice would be much appreciated. No special place needed. You're probably confusing MD5-Password and Crypt-Password (which in turn can use MD5 hash). For example, if you use PAP, these three attributes will allow access when user enter password testpass: Cleartext-Password := testpass MD5-Password := 179ad45c6ce2cb97cf1029e212046e81 Crypt-Password := $1$12345678$duTc/02K9TK/XCYFyofbZ/ Crypt-Password := 122U0BPYjrauc MD5-Password does not have any salt. Crypt-Password in the first example has the salt $1$12345678$, with MD5-based hash (crypted passwords have the hash in front of them, which for MD5 starts with $1$ and is 12 characters long) Crypt-Password in the second example has the salt 12, with DES-based hash See also: http://freeradius.org/radiusd/man/rlm_pap.txt http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme http://id.php.net/manual/en/function.crypt.php -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Storing of salt in freeradius
Fajar A. Nugraha l...@fajar.net wrote: How did you generate that hash? md5sum of testpass doesn't return that value for me. the MD5-password? Probably due to new line effect. I created it using php's md5 function (http://php.net/manual/en/function.md5.php) ...the rest of us use the unlang xlat md5 feature. Cheers -- Alexander Clouter .sigmonster says: Cobol programmers are down in the dumps. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Storing of salt in freeradius
Hi folks, Been trying to look for information on this but haven't been able to find anything, prompting me to turn to the mailing list for help. In the event of using salted md5 hashes for passwords, where exactly does one store the salt? There doesn't seem to be a place within the FR config to do that. Any advice would be much appreciated. Thanks in advance! Kind regards, Mark - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Storing of salt in freeradius
On Wed, Jan 19, 2011 at 12:39 PM, Mark m...@edgewire.sg wrote: Hi folks, Been trying to look for information on this but haven't been able to find anything, prompting me to turn to the mailing list for help. In the event of using salted md5 hashes for passwords, where exactly does one store the salt? In the beginning of the password. There doesn't seem to be a place within the FR config to do that. Any advice would be much appreciated. No special place needed. You're probably confusing MD5-Password and Crypt-Password (which in turn can use MD5 hash). For example, if you use PAP, these three attributes will allow access when user enter password testpass: Cleartext-Password := testpass MD5-Password := 179ad45c6ce2cb97cf1029e212046e81 Crypt-Password := $1$12345678$duTc/02K9TK/XCYFyofbZ/ Crypt-Password := 122U0BPYjrauc MD5-Password does not have any salt. Crypt-Password in the first example has the salt $1$12345678$, with MD5-based hash (crypted passwords have the hash in front of them, which for MD5 starts with $1$ and is 12 characters long) Crypt-Password in the second example has the salt 12, with DES-based hash See also: http://freeradius.org/radiusd/man/rlm_pap.txt http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme http://id.php.net/manual/en/function.crypt.php -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Storing of salt in freeradius
Mark wrote: In the event of using salted md5 hashes for passwords, where exactly does one store the salt? There doesn't seem to be a place within the FR config to do that. Any advice would be much appreciated. The salt is stored in the same string as the hashed password. See wikipedia for descriptions of how salted passwords work, or man crypt. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Storing of salt in freeradius
Alan, Fajar, Thank you both for your help and advice on this. On 19-Jan-2011, at 3:14 PM, Alan DeKok wrote: Mark wrote: In the event of using salted md5 hashes for passwords, where exactly does one store the salt? There doesn't seem to be a place within the FR config to do that. Any advice would be much appreciated. The salt is stored in the same string as the hashed password. See wikipedia for descriptions of how salted passwords work, or man crypt. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Kind regards, Mark - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html