Date:      Tue, 22 Aug 2000 23:12:51 -0700
From:      D M P <dmp@aracnet.com>
To:        Chris Fedde <chris@fedde.littleton.co.us>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   More questions about passwords [Was: Re: Encrypting a password for  insertion using chpass(1)?]
Message-ID:  <39A36B63.7A5292F9@aracnet.com>
References:  <200008210537.e7L5bNj25784@fedde.littleton.co.us>

Chris Fedde wrote:
> 
> On Sun, 20 Aug 2000 19:54:25 -0700  D M P wrote:
>  +------------------
>  | I need to synchronize a server's user passwords to those in a database.
>  | The database spits out cleartext passwords.  I have to somehow get
>  | those into the password database on the server.  The first way I came
>  | up with was calling chpass(1) and feeding it the new password, but
>  | according to the man page, it will only take encrypted passwords, not
>  | cleartexts.
>  |
>  | How do I encrypt a password so I can insert it using chpass?
>  |
>  | Is there another way I can do this?
>  +------------------
> 
> Sure there is.  You can create unix des style encrypted passwords really
> easy.  Here is perl that does it:
> 
>     perl -le 'print crypt("foo", "foo")'
> 
> Note that "foo" is used for both the password and the salt.  This technique
> should be at least as secure as keeping the cleartext passwords in a
> database server ;-}

I was looking at the output crypt() produces, and saw that the first
eight characters of the cleartext password are visible between the
second and third $'s.  From reading the assorted docs about how this
works, I'm thinking those eight characters are (forgive the lack of
proper terms) the "key" used for the original password encryption, and
are kept there so that the same key is used every time login checks for
a password match, right?

Assuming that I am right, logic follows that if I generated eight
random characters to use instead, that it would still work, and the
cleartext wouldn't be seen in the cypher.  My question is, how do I
input those characters?  Is that the salt I pass to perl's crypt()?
Can it be any 64-bit value, or does it have to be comprised of the
64 characters mentioned in crypt(3)?

- 
drano(8) - Clears clogged |'s fast.
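
An added example, not part of the original message: the second argument to Perl's crypt() is the salt, so the sketch below draws eight random characters from the 64-character crypt(3) alphabet and passes them as the salt instead of reusing the password. It assumes the platform's crypt(3) accepts the `$1$` (MD5) modular format, which matches the `$`-delimited output described in the message, and that /dev/urandom is readable; the helper names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters crypt(3) accepts in a salt.
my @SALT_CHARS = ('.', '/', '0'..'9', 'A'..'Z', 'a'..'z');

# Draw $n salt characters from the kernel CSPRNG. 256 is a multiple of 64,
# so reducing each byte mod 64 introduces no bias.
sub random_salt {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!";
    my $got = read($fh, my $buf, $n);
    close($fh);
    die "short read from /dev/urandom" unless defined $got && $got == $n;
    return join '', map { $SALT_CHARS[$_ % 64] } unpack('C*', $buf);
}

# Hash a cleartext password with a fresh random salt.
# '$1$' selects the MD5 scheme (assumed available, see lead-in).
sub hash_password {
    my ($cleartext) = @_;
    my $setting = '$1$' . random_salt(8) . '$';
    my $hash = crypt($cleartext, $setting);
    die "crypt() does not support this scheme here"
        unless defined $hash && index($hash, $setting) == 0;
    return $hash;
}

# Check a login attempt: pass the stored hash as the salt argument so
# crypt() reuses the scheme and salt embedded in it.
sub check_password {
    my ($attempt, $stored) = @_;
    my $again = crypt($attempt, $stored);
    return defined $again && $again eq $stored;
}

my $cleartext = 'foo';                  # constructed sample password
my $stored = hash_password($cleartext);
my $salt = (split /\$/, $stored)[2];    # field between 2nd and 3rd '$'

print "stored hash : $stored\n";
print "salt field  : $salt\n";
print "right guess : ", (check_password('foo', $stored) ? "match" : "no match"), "\n";
print "wrong guess : ", (check_password('bar', $stored) ? "match" : "no match"), "\n";
```

The salt field printed here is random and unrelated to the password, and the stored string is what chpass(1) expects in the password field.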

