Re: Storing of salt in freeradius

2011-01-19 Thread Mark 
Hi Fajar,

How did you generate that hash? md5sum of testpass doesn't return that value 
for me.

On 19-Jan-2011, at 3:07 PM, Fajar A. Nugraha wrote:

 On Wed, Jan 19, 2011 at 12:39 PM, Mark m...@edgewire.sg wrote:
 Hi folks,
 
 Been trying to look for information on this but haven't been able to find 
 anything, prompting me to turn to the mailing list for help.
 
 In the event of using salted md5 hashes for passwords, where exactly does one 
 store the salt?
 
 In the beginning of the password.
  
 There doesn't seem to be a place within the FR config  to do that. Any advice 
 would be much appreciated.
 
 
 No special place needed.
 
 You're probably confusing MD5-Password and Crypt-Password (which in turn can 
 use MD5 hash). For example, if you use PAP, these three attributes will allow 
 access when user enter password testpass:
 
 Cleartext-Password := testpass
 MD5-Password := 179ad45c6ce2cb97cf1029e212046e81
 Crypt-Password := $1$12345678$duTc/02K9TK/XCYFyofbZ/
 Crypt-Password := 122U0BPYjrauc
 
 MD5-Password does not have any salt.
 Crypt-Password in the first example has the salt $1$12345678$, with 
 MD5-based hash (crypted passwords have the hash in front of them, which for 
 MD5 starts with $1$ and is 12 characters long)
 Crypt-Password in the second example has the salt 12, with DES-based hash
 
 See also:
 http://freeradius.org/radiusd/man/rlm_pap.txt
 http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme
 http://id.php.net/manual/en/function.crypt.php
 
 -- 
 Fajar
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Kind regards,

Mark

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Storing of salt in freeradius

2011-01-19 Thread Mark 
Nevermind this, found the solution.

http://blog.sam-pointer.com/2010/01/26/md5sum-vs-phps-md5-function

Thanks all.

On 19-Jan-2011, at 3:07 PM, Fajar A. Nugraha wrote:

 On Wed, Jan 19, 2011 at 12:39 PM, Mark m...@edgewire.sg wrote:
 Hi folks,
 
 Been trying to look for information on this but haven't been able to find 
 anything, prompting me to turn to the mailing list for help.
 
 In the event of using salted md5 hashes for passwords, where exactly does one 
 store the salt?
 
 In the beginning of the password.
  
 There doesn't seem to be a place within the FR config  to do that. Any advice 
 would be much appreciated.
 
 
 No special place needed.
 
 You're probably confusing MD5-Password and Crypt-Password (which in turn can 
 use MD5 hash). For example, if you use PAP, these three attributes will allow 
 access when user enter password testpass:
 
 Cleartext-Password := testpass
 MD5-Password := 179ad45c6ce2cb97cf1029e212046e81
 Crypt-Password := $1$12345678$duTc/02K9TK/XCYFyofbZ/
 Crypt-Password := 122U0BPYjrauc
 
 MD5-Password does not have any salt.
 Crypt-Password in the first example has the salt $1$12345678$, with 
 MD5-based hash (crypted passwords have the hash in front of them, which for 
 MD5 starts with $1$ and is 12 characters long)
 Crypt-Password in the second example has the salt 12, with DES-based hash
 
 See also:
 http://freeradius.org/radiusd/man/rlm_pap.txt
 http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme
 http://id.php.net/manual/en/function.crypt.php
 
 -- 
 Fajar
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Kind regards,

Mark

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Storing of salt in freeradius

2011-01-19 Thread Fajar A. Nugraha 
On Wed, Jan 19, 2011 at 4:05 PM, Mark m...@edgewire.sg wrote:

 Hi Fajar,

 How did you generate that hash? md5sum of testpass doesn't return that
 value for me.


the MD5-password? Probably due to new line effect. I created it using php's
md5 function (http://php.net/manual/en/function.md5.php)

$ echo ?=md5('testpass');?|php;echo
179ad45c6ce2cb97cf1029e212046e81
$ echo -n testpass | md5sum
179ad45c6ce2cb97cf1029e212046e81  -
$ echo testpass | md5sum
0ba06b1790d48b9baf71162124a04685  -

mysql select md5('testpass');
+--+
| md5('testpass')  |
+--+
| 179ad45c6ce2cb97cf1029e212046e81 |
+--+
1 row in set (0.14 sec)

See the difference between second and third example?

-- 
Fajar



 On 19-Jan-2011, at 3:07 PM, Fajar A. Nugraha wrote:

 On Wed, Jan 19, 2011 at 12:39 PM, Mark m...@edgewire.sg wrote:

 Hi folks,

 Been trying to look for information on this but haven't been able to find
 anything, prompting me to turn to the mailing list for help.

 In the event of using salted md5 hashes for passwords, where exactly does
 one store the salt?


 In the beginning of the password.


 There doesn't seem to be a place within the FR config  to do that. Any
 advice would be much appreciated.


 No special place needed.

 You're probably confusing MD5-Password and Crypt-Password (which in turn
 can use MD5 hash). For example, if you use PAP, these three attributes will
 allow access when user enter password testpass:

 Cleartext-Password := testpass
 MD5-Password := 179ad45c6ce2cb97cf1029e212046e81
 Crypt-Password := $1$12345678$duTc/02K9TK/XCYFyofbZ/
 Crypt-Password := 122U0BPYjrauc

 MD5-Password does not have any salt.
 Crypt-Password in the first example has the salt $1$12345678$, with
 MD5-based hash (crypted passwords have the hash in front of them, which for
 MD5 starts with $1$ and is 12 characters long)
 Crypt-Password in the second example has the salt 12, with DES-based hash

 See also:
 http://freeradius.org/radiusd/man/rlm_pap.txt
 http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme
 http://id.php.net/manual/en/function.crypt.php

 --
 Fajar
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Storing of salt in freeradius

2011-01-19 Thread Alexander Clouter 
Fajar A. Nugraha l...@fajar.net wrote:

 How did you generate that hash? md5sum of testpass doesn't return that
 value for me.


 the MD5-password? Probably due to new line effect. I created it using php's
 md5 function (http://php.net/manual/en/function.md5.php)

...the rest of us use the unlang xlat md5 feature.

Cheers

-- 
Alexander Clouter
.sigmonster says: Cobol programmers are down in the dumps.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Storing of salt in freeradius

2011-01-18 Thread Mark 
Hi folks,

Been trying to look for information on this but haven't been able to find 
anything, prompting me to turn to the mailing list for help.

In the event of using salted md5 hashes for passwords, where exactly does one 
store the salt? There doesn't seem to be a place within the FR config  to do 
that. Any advice would be much appreciated.

Thanks in advance!

Kind regards,

Mark


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Storing of salt in freeradius

2011-01-18 Thread Fajar A. Nugraha 
On Wed, Jan 19, 2011 at 12:39 PM, Mark m...@edgewire.sg wrote:

 Hi folks,

 Been trying to look for information on this but haven't been able to find
 anything, prompting me to turn to the mailing list for help.

 In the event of using salted md5 hashes for passwords, where exactly does
 one store the salt?


In the beginning of the password.


 There doesn't seem to be a place within the FR config  to do that. Any
 advice would be much appreciated.


No special place needed.

You're probably confusing MD5-Password and Crypt-Password (which in turn can
use MD5 hash). For example, if you use PAP, these three attributes will
allow access when user enter password testpass:

Cleartext-Password := testpass
MD5-Password := 179ad45c6ce2cb97cf1029e212046e81
Crypt-Password := $1$12345678$duTc/02K9TK/XCYFyofbZ/
Crypt-Password := 122U0BPYjrauc

MD5-Password does not have any salt.
Crypt-Password in the first example has the salt $1$12345678$, with
MD5-based hash (crypted passwords have the hash in front of them, which for
MD5 starts with $1$ and is 12 characters long)
Crypt-Password in the second example has the salt 12, with DES-based hash

See also:
http://freeradius.org/radiusd/man/rlm_pap.txt
http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme
http://id.php.net/manual/en/function.crypt.php

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Storing of salt in freeradius

2011-01-18 Thread Alan DeKok 
Mark wrote:
 In the event of using salted md5 hashes for passwords, where exactly does one 
 store the salt? There doesn't seem to be a place within the FR config  to do 
 that. Any advice would be much appreciated.

  The salt is stored in the same string as the hashed password.  See
wikipedia for descriptions of how salted passwords work, or man crypt.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Storing of salt in freeradius

2011-01-18 Thread Mark 
Alan, Fajar,

Thank you both for your help and advice on this.

On 19-Jan-2011, at 3:14 PM, Alan DeKok wrote:

 Mark wrote:
 In the event of using salted md5 hashes for passwords, where exactly does 
 one store the salt? There doesn't seem to be a place within the FR config  
 to do that. Any advice would be much appreciated.
 
  The salt is stored in the same string as the hashed password.  See
 wikipedia for descriptions of how salted passwords work, or man crypt.
 
  Alan DeKok.
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Kind regards,

Mark


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html