Re: [twsocket] MD5 passwords
Hi Arno, Great, after reading the header, this is actually what i was looking for! I will let you know how it worked out.. Thanks for the help! Best regards, Ruud Kerstens -- From: "Arno Garrels" Sent: Sunday, November 22, 2009 7:54 PM To: "ICS support mailing" Subject: Re: [twsocket] MD5 passwords Ruud Kerstens wrote: Ok, I will go and read it. anyway, thanks for your replies, lets see if i can find any solution, if so i will let you know! Looks like porting this stuff to delphi would do the trick: https://www.codeblog.org/viewsrc/glibc-2.6.1/crypt/md5-crypt.c From a brief look, OverbyteIcsMD5.pas seems to include all MD5 stuff needed. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
Ruud Kerstens wrote: > Ok, I will go and read it. > > anyway, thanks for your replies, lets see if i can find any solution, > if so i will let you know! Looks like porting this stuff to delphi would do the trick: https://www.codeblog.org/viewsrc/glibc-2.6.1/crypt/md5-crypt.c >From a brief look, OverbyteIcsMD5.pas seems to include all MD5 stuff needed. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
> I also know there are different options, like using --des for des > encryption. and also --md5 for md5 way of encrypting. and a --check > option to check the password. > > MD5-based scheme > http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme > What ever it is, it's not supported by ICS (currently). There is a free TDESCrypt component that encrypts a given input string by using DES. The code has been translated from crypt.c (Unix GNU Library). The component allows user names and passwords to be encoded into a format suitable for use with UNIX systems, in particular for the Apache web server running on UNIX to restrict access to your web site. TTDESCrypt always creates passwords 14 bytes long (base64 encoded), of which the first two are the user supplied SALT (usually the first two characters of the account name). http://www.magsys.co.uk/delphi/unixcrypt.asp This is not the same as MD5, but may help. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
For who cares about it, its called "freeBSD md5 crypt" or "unix md5 crypt". some text i had lying around MD5 crypt was written by Poul-Henning Kamp for FreeBSD. The main reason for using MD5 was to avoid problems with American export prohibitions on cryptographic products, and to allow for a longer password length than the 8 characters used by DES crypt. The password length is restricted only by MD5's maximum message size of 264 bits. The salt can vary from 12 to 48 bits. MD5 crypt hashes the password and salt in a number of different combinations to slow down the evaluation speed. Some steps in the algorithm make it doubtful that the scheme was designed from a cryptographic point of view--for instance, the binary representation of the password length at some point determines which data is hashed, for every zero bit the first byte of the password and for every set bit the first byte of a previous hash computation. The output is the concatenation of the version identifier ``$1$'', the salt, a ``$'' separator, and the 128-bit hash output. MD5 crypt places virtually no limit on the size of passwords, while bcrypt has a maximum of 55 bytes. We do not consider this a serious limitation of bcrypt, however. Not only are users unlikely to choose such long passwords, but if they did, MD5 crypt's 128-bit output size would become the limiting factor in security. A brute force attacker could more easily find short strings hashing to the same value as a user's password than guess the actual password. Finally, like DES crypt, MD5 crypt has fixed cost. On Sat, 21 Nov 2009 20:24:16 +0100, Ruud Kerstens wrote: the password 'test' should generate : $1$/mMVthpE$sgNAe9PaR0ORB1YCc1CVq1 The server i need these hashed passwords for is freeradius, however on that site is no real information about this. As you can see the $1$ seems to tell the server it is encrypted, as i understood. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
well, i created the string with a linux-tool on the radius-server (freeradius). It is used as: cryptpasswd --md5 . Free pascal has a unit that does exactly what your posted perlscript code does http://florianklaempfl.de:8000/fpctrunk/file/70e283550952/packages/hash/src/unixcrypt.pas#l1 But, as the perl script, uses an imported crypt function. You just need to import it from the same dll Perl use. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
Ok, I will go and read it. anyway, thanks for your replies, lets see if i can find any solution, if so i will let you know! Have a nice weekend!! Ruud Kerstens -- From: "Arno Garrels" Sent: Saturday, November 21, 2009 11:22 PM To: "ICS support mailing" Subject: Re: [twsocket] MD5 passwords Ruud Kerstens wrote: Well, i actually do not know, you could be right, i really do not know... I also know there are different options, like using --des for des encryption. and also --md5 for md5 way of encrypting. and a --check option to check the password. I guess it really is some encryption, but why do they name it MD5 hash.. In the perl-script is a line mentioning salt and some characters to be used for encryption.. I just found this description on internet wikipedia : MD5-based scheme http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme What ever it is, it's not supported by ICS (currently). -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
Ruud Kerstens wrote: > Well, i actually do not know, you could be right, i really do not > know... > > I also know there are different options, like using --des for des > encryption. and also --md5 for md5 way of encrypting. and a --check > option to check the password. > I guess it really is some encryption, but why do they name it MD5 > hash.. In the perl-script is a line mentioning salt and some > characters to be used for encryption.. > > I just found this description on internet wikipedia : > > MD5-based scheme http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme What ever it is, it's not supported by ICS (currently). -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
Well, i actually do not know, you could be right, i really do not know... I also know there are different options, like using --des for des encryption. and also --md5 for md5 way of encrypting. and a --check option to check the password. I guess it really is some encryption, but why do they name it MD5 hash.. In the perl-script is a line mentioning salt and some characters to be used for encryption.. I just found this description on internet wikipedia : MD5-based scheme Poul-Henning Kamp designed a baroque and (at the time) computationally expensive algorithm based on the MD5 message digest algorithm. MD5 itself would provide good cryptographic strength for the password hash, but it is designed to be quite quick to calculate relative to the strength it provides. The crypt() scheme is designed to be expensive to calculate, to slow down dictionary attacks. The printable form of MD5 password hashes starts with $1$. This scheme allows users to have any length password, and they can use any characters supported by their platform (not just 7-bit ASCII). (In practice many implementations limit the password length, but they generally support passwords far longer than any person would be willing to type.) The salt is also an arbitrary string, limited only by character set considerations. First the passphrase and salt are hashed together, yielding an MD5 message digest. Then a new digest is constructed, hashing together the passphrase, the salt, and the first digest, all in a rather complex form. Then this digest is passed through a thousand iterations of a function which rehashes it together with the passphrase and salt in a manner that varies between rounds. The output of the last of these rounds is the resulting passphrase hash. The fixed iteration count has caused this scheme to lose the computational expense that it once enjoyed. Variable numbers of rounds are now favoured. Best regards, Ruud -- From: "Arno Garrels" Sent: Saturday, November 21, 2009 10:36 PM To: "ICS support mailing" Subject: Re: [twsocket] MD5 passwords Ruud Kerstens wrote: well, i created the string with a linux-tool on the radius-server (freeradius). It is used as: cryptpasswd --md5 . Doesn't this just encrypt the MD5 value of the password? Just a wild guess.. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
Ruud Kerstens wrote: > well, i created the string with a linux-tool on the radius-server > (freeradius). It is used as: > cryptpasswd --md5 . Doesn't this just encrypt the MD5 value of the password? Just a wild guess.. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
well, i created the string with a linux-tool on the radius-server
(freeradius). It is used as:
cryptpasswd --md5 .
Ruud Kerstens.
this is the cryptpasswd perlscript below (not farmiliar with perl) :
#...@perl@
#
# cryptpasswd Generate or check md5 and DES hashed passwords.
#
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA
#
#Copyright (C) 2001 The FreeRADIUS Project http://www.freeradius.org
#
#Written by Miquel van Smoorenburg
#
#$Id: cryptpasswd.in,v 1.1 2001/09/28 14:04:29 aland Exp $
#
use Getopt::Long;
sub check_des {
return (crypt("fnord", "aa") =~ m/^aa/);
}
sub check_md5 {
return (crypt("fnord", "\$1\$aa") =~ m/^\$1\$/);
}
sub usage {
die "Usage: cryptpasswd [--des|--md5|--check] plaintext_password
[crypted_password]\n";
}
@saltc = ( '.', '/', '0'..'9', 'A'..'Z', 'a'..'z' );
#
# MAIN
#
sub main {
Getopt::Long::Configure("no_ignore_case", "bundling");
my @options = ( "des|d+", "md5|m+", "check|c+" );
usage() unless (eval { Getopt::Long::GetOptions(@options) } );
if ($opt_check) {
usage unless ($#ARGV == 1);
if (crypt($ARGV[0], $ARGV[1]) ne $ARGV[1]) {
print "Password BAD\n";
return 0;
} else {
print "Password OK\n";
return 1;
}
}
usage() unless ($opt_des || $opt_md5);
usage() unless ($#ARGV == 0);
die "DES password hashing not available\n"
if ($opt_des && !check_des());
die "MD5 password hashing not available\n"
if ($opt_md5 && !check_md5());
$salt = ($opt_md5 ? '$1$' : '');
for ($i = 0; $i < ($opt_md5 ? 8 : 2); $i++) {
$salt .= $saltc[rand 64];
}
$salt .= '$' if ($opt_md5);
print crypt($ARGV[0], $salt), "\n";
1;
}
exit !main();
--
From: "Arno Garrels"
Sent: Saturday, November 21, 2009 9:33 PM
To: "ICS support mailing"
Subject: Re: [twsocket] MD5 passwords
Ruud Kerstens wrote:
the password 'test' should generate :
$1$/mMVthpE$sgNAe9PaR0ORB1YCc1CVq1
A MD5 checksum/hash value is an array of 16 bytes, mostly
represented as a hex string, that's what StrMD5() returns.
The MD5 of "test" as a hex string looks like
"7318EFC576D8C24B47540D5ACFD58E5A"
The same MD5 Base64 encoded was "cxjvxXbYwktHVA1az9WOWg=="
I'm sorry, I've currently no idea what encoding might have
produced the string you posted above?
Someone else?
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] MD5 passwords
Ruud Kerstens wrote: > > the password 'test' should generate : > $1$/mMVthpE$sgNAe9PaR0ORB1YCc1CVq1 A MD5 checksum/hash value is an array of 16 bytes, mostly represented as a hex string, that's what StrMD5() returns. The MD5 of "test" as a hex string looks like "7318EFC576D8C24B47540D5ACFD58E5A" The same MD5 Base64 encoded was "cxjvxXbYwktHVA1az9WOWg==" I'm sorry, I've currently no idea what encoding might have produced the string you posted above? Someone else? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
