Date: Tue, 18 Feb 1997 08:16:25 +0200 From: Mark Murray <mark@grondar.za> To: Mikael Karpberg <karpen@ocean.campus.luth.se> Cc: mark@grondar.za (Mark Murray), security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Message-ID: <199702180616.IAA05643@grackle.grondar.za>
next in thread | raw e-mail | index | archive | help
Mikael Karpberg wrote: > According to Mark Murray: > > This come perilously close to breaking the "static only" link that some > > fols want exclusively in /bin/sbin. > > Umm... could you elaborate on this? I don't think I got it :-) Sure :-). The "rule" in [Free]BSD is that the applets in /bin and /sbin are statically linked (no dynamic objects) so that a sysadmin can have a system in single-user mode with no /usr, and still be running. With the dynamicically linked crypt objects approach, it is possible to break this if we are not _very_ careful. (I like the idea BTW, but I think it must be kept in check) > > > a string like "****************", which is not likely to match anything, or > > > simply return NULL. > > > > _*MAJOR*_ security hole. Do you want an algorithm that you can break in > > with straight away? This is it. The essence of crypt is that you are > > _*NOT*_ allowed to deduce the password from the output. > > Just a suggestion. Returning NULl may NOT be the brightest of ideas, I guess. > That would just clear the way for some nice random segfaults. :-) > However, I don't see how returning something like "************" could in > any way result in a security hole. Crypt can not normally return such It provides a way of getting crypt tp provide a given output given no knowledge of the input. Crypt's strength is its very _unpredictable_ outputs, and the fact that you _cannot_ produce a given output by manipulating the inputs. > a string, or can it? I may be wrong, but I've always been taught to put an > asterisk fisrt in people's passwords to keep them from logging in. Well, > I just put one asterisk there, not a whole bunch. So it can't match that. > And it you import a passwd entry with an unknown encryption name, then > crypt will just return "**************", which will not match the hashed > password for that entry, and therefor the person simply can not log in. No, but someone just has to crash crypt() in the same way to get the same output. Bingo! they are in. > At least not until you install that encryption. Then people change their > password with "passwd", you could just use the crypt protocol chosen in > /etc/crypt/conf (or whatever it would be called). Did I miss something? Yup! M -- Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36 This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702180616.IAA05643>