jpm@logixwi.uucp (Jan-Piet Mens @ Logix GmbH, Wiesbaden) (03/27/91)
I am writing a new login which should have a few extras (any ideas ?) for an SCO UNIX 3.2.2 machine.

Apart from the set_auth* stuff which I have found (omegod :-), there is a crypt(3) routine in the shared library libc_s that only returns 13 characters of encrypted password.

SCO UNIX though, allows (and has) passwords with more than 13 encrypted characters in the security database /tcb/files/auth/?/*.

Now the question: Does anyone know how it is done ? Do you have a free version of crypt() that does that ? Is it somewhere in the archives ? (No ftp please, just email)

Thank you very much.

Regards,
JP
--
Jan-Piet Mens, Logix GmbH                jpm@logixwi.UUCP
Moritzstr. 50, D-6200 Wiesbaden          ...!uunet!mcsun!unido!logixwi!jpm
em@dce.ie (Eamonn McManus) (04/03/91)
I have cut down the crossposting and directed followups to comp.unix.sysv386.

jpm@logixwi.uucp (Jan-Piet Mens @ Logix GmbH, Wiesbaden) writes:
>I am writing a new login which should have a few extras (any ideas ?) for
>an SCO UNIX 3.2.2 machine.
>Apart from the set_auth* stuff which I have found (omegod :-), there is a
>crypt(3) routine in the shared library libc_s that only returns 13
>characters of encrypted password.
>SCO UNIX though, allows (and has) passwords with more than 13 encrypted
>characters in the security database /tcb/files/auth/?/*.

There is an undocumented routine called bigcrypt() which is called in essentially the same way as crypt(). It produces the same result as crypt() for short passwords (<= 8 plaintext characters); for longer passwords it apparently crypts each block of eight characters separately and concatenates the results.

Here is a relevant excerpt from my replacement SCO su:

    ...
    #if SecureWare
    #include <sys/security.h>
    #include <prot.h>
    #endif
    ...
        char *pass, *crpass, *realpass;
    #if SecureWare
        struct pr_passwd *ugh;
        int origumask;
    #endif
    ...
        origumask = umask(0);
        (void) umask(origumask);
        set_auth_parameters(argc, argv);
        /* OBNOXIOUS MISFEATURE: above call sets the umask to 077.  If I want
           the umask to be changed, I'll ASK for it to be changed.  Grrr.  */
        (void) umask(origumask);
        if ((ugh = getprpwnam(user)) == NULL)
            crash("get protected password", user);
        if ((pass = getpasswd("Password:", AUTH_MAX_PASSWD_LENGTH)) == NULL)
            crash("getpasswd", user);
        /* Use the undocumented bigcrypt() routine which crypts a password in
           pieces if it is longer than 8 characters.  */
        if ((crpass = bigcrypt(pass, ugh->ufld.fd_encrypt)) == NULL)
            crash("crypt", user);
        /* I don't think crypt can fail, but may as well test.  */
    ...

,
Eamonn
cme@ellisun.sw.stratus.com (Carl Ellison) (04/04/91)
In article <bigpryct@dce.ie> em@dce.ie (Eamonn McManus) writes:
>There is an undocumented routine called bigcrypt() which is called in
>essentially the same way as crypt(). It produces the same result as
>crypt() for short passwords (<= 8 plaintext characters); for longer
>passwords it apparently crypts each block of eight characters separately
>and concatenates the results.

If I understand this correctly, bigcrypt() will let you know, through the number of output blocks, truncate(password_length / 8).

Needless to say, that's a security flaw.
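The length leak discussed in this exchange, as an added example that is not part of any poster's message or of SCO's code: an audit helper that reads the plaintext length range off the size of a stored encrypted field. The field layout (2 salt characters plus 11 ciphertext characters per 8-character block) and the name `bigcrypt_len_range` are assumptions made here; the thread only says the per-block results are concatenated.

```c
#include <stdio.h>
#include <string.h>

/* ASSUMED layout (not stated in the thread): 2 salt characters, then 11
   ciphertext characters for each 8-character block of the plaintext. */
#define SALT_LEN  2
#define SEG_LEN   11
#define BLOCK_LEN 8

struct len_range { int blocks, min_len, max_len; };

/* 1 if c is in the crypt(3) output alphabet [./0-9A-Za-z]. */
static int is_crypt_char(int c)
{
    return c == '.' || c == '/' || (c >= '0' && c <= '9') ||
           (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
}

/* Plaintext length range implied by an encrypted field.
   Returns 0 on success, -1 if the field does not fit the assumed layout. */
int bigcrypt_len_range(const char *enc, struct len_range *out)
{
    size_t n = strlen(enc), i;

    if (n < SALT_LEN + SEG_LEN || (n - SALT_LEN) % SEG_LEN != 0)
        return -1;
    for (i = 0; i < n; i++)
        if (!is_crypt_char((unsigned char)enc[i]))
            return -1;
    out->blocks = (int)((n - SALT_LEN) / SEG_LEN);
    /* One block covers 0..8 characters; k > 1 blocks cover 8(k-1)+1..8k. */
    out->min_len = out->blocks == 1 ? 0 : BLOCK_LEN * (out->blocks - 1) + 1;
    out->max_len = BLOCK_LEN * out->blocks;
    return 0;
}

int main(void)
{
    /* Constructed fields with the right shape; not real password hashes. */
    const char *samples[] = { "abJnggxhB/yWI", "abJnggxhB/yWIq1Zk8mPw0sT" };
    struct len_range r;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (bigcrypt_len_range(samples[i], &r) == 0)
            printf("%s: %d block(s), password length %d..%d\n",
                   samples[i], r.blocks, r.min_len, r.max_len);
    return 0;
}
```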
em@dce.ie (Eamonn McManus) (04/04/91)
cme@ellisun.sw.stratus.com (Carl Ellison) writes:
>>It produces the same result as
>>crypt() for short passwords (<= 8 plaintext characters); for longer
>>passwords it apparently crypts each block of eight characters separately
>>and concatenates the results.
>
>If I understand this correctly, bigcrypt() will let you know, through the
>number of output blocks, truncate(password_length / 8).
>
>Needless to say, that's a security flaw.

The passwords are stored in a user database that is not pleb-readable. So the security of the encryption scheme is not as important as in the traditional setup where encrypted passwords appear in /etc/passwd.

Not that I think this is an excuse for laxity. I think that 2^56 is an adequately large keyspace, so it would be better to treat long passwords by combining the extra characters with earlier ones so as to produce 8-byte keys containing characters that would not ordinarily be in passwords.

,
Eamonn
nachi@necisa.ho.necisa.oz.au (Nachiappan Muthu) (04/21/91)
jpm@logixwi.uucp (Jan-Piet Mens @ Logix GmbH, Wiesbaden) writes:
> I am writing a new login which should have a few extras (any ideas ?) for
> an SCO UNIX 3.2.2 machine.
> Apart from the set_auth* stuff which I have found (omegod :-), there is a
> crypt(3) routine in the shared library libc_s that only returns 13
> characters of encrypted password.
> . . . .
> Now the question: Does anyone know how it is done ? Do you have a free
> version of crypt() that does that ? Is it somewhere in the archives ?

There is a function called bigcrypt available in /lib/libprot.a in SCO UNIX which is capable of crypting passwords of length more than 13. Actually bigcrypt() uses crypt() internally.

The syntax for bigcrypt() is exactly the same as crypt(), just replace crypt() in your program by bigcrypt(). It works, but don't ask me how ?

Please do not forget to link libprot.a as well as libc_s.a

Have fun !
--
* Nachiappan Muthu            nachi@necisa.ho.necisa.oz.au
* 11/2 Francis St             Ph. +61 2 550 8559 (Off)
* Marrickville - NSW 2204         +61 2 559 1827 (Res)
* Australia