Date: Tue, 21 Sep 1999 12:57:31 -0600
From: Damien Tougas
To: Brian McGovern
Cc: FreeBSD-Questions@freebsd.org
Subject: Re: How does this password encryption stuff work?

Hello,

I want to thank you very much for your reply. It was very clear, easy to
understand, and is exactly what I was looking for. I appreciate someone
taking the time to stoop to the level of someone with very little C
programming experience.

Thank You, Thank You, Thank You!!!

--
Damien Tougas
Converging Technology Solutions, Inc.
Phone: (780)469-1679
Fax: (780)461-5127
E-mail: dtougas@converging.net
http://www.converging.net

On Tue, Sep 21, 1999 at 01:15:18PM -0400, Brian McGovern wrote:
> Take a look at crypt(3) (man 3 crypt)...
>
> Paraphrasing the crypt man page:
>
> The first argument to crypt is a NUL-terminated string, i.e. the password. The
> second is a character array, 9 bytes long, consisting of an underscore, 4
> bytes of iteration, and 4 bytes of salt. They comment that they're encoded 6
> bits per character, and that 0-63 use certain ASCII characters....
>
> Now, you want to do something to randomize the salt. This way, if the user
> keeps selecting the same password, the encrypted form will continue to appear
> to have changed (thus deterring hackers).
>
> Therefore, the "simplest" (although by no means the best), might be via a
> program similar to:
>
> #include <stdio.h>
> #include <unistd.h>
>
> /* argv[1] is the password, argv[2] is the salt string */
> int main(int argc, char *argv[])
> {
>     printf("%s\n", crypt(argv[1], argv[2]));
>     return 0;
> }
>
> Then, assuming you call it "foo.c", compile with:
>
> cc -o foo foo.c -lcrypt
>
> You can then run "foo", and specify a password and salt (and the salt must
> be an underscore, then 8 bytes of salt and iteration), so something like
> this:
>
> ./foo MyPassword _iterSALT
>
> You will then get an encrypted password out.
>
> To make the above program more robust, here are some ideas:
>
> 1.) Add documentation, and comments.
>
> 2.) Add error checking. Make sure the right number of parameters are passed,
> perhaps that the second parameter really starts with an _, etc.
>
> 3.) Take the second parameter away from the command line, and randomize it,
> perhaps with gettimeofday(), or similar function that will change frequently.
>
> Enjoy.
> -Brian
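An added example, not part of either message and not FreeBSD's own code, implementing ideas 2 and 3 from the quoted reply: it builds the 9-byte "_" + 4-character count + 4-character salt string with a random salt and checks that a given string has that shape. The helper names, the count of 725 and the use of /dev/urandom in place of gettimeofday() are assumptions of this example; the 6-bit alphabet and least-significant-first order follow crypt(3).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* crypt(3)'s 6-bit alphabet: values 0..63 map to these characters. */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Encode a 24-bit value as 4 characters, least significant 6 bits first. */
static void encode24(uint32_t v, char *out)
{
    for (int i = 0; i < 4; i++, v >>= 6)
        out[i] = B64[v & 0x3f];
}

/* Hypothetical helper: write "_" + count + salt + NUL into out. */
void make_setting(uint32_t count, uint32_t salt, char out[10])
{
    out[0] = '_';
    encode24(count, out + 1);
    encode24(salt, out + 5);
    out[9] = '\0';
}

/* Hypothetical helper: 1 if s is "_" plus exactly 8 alphabet characters. */
int valid_setting(const char *s)
{
    return s != NULL && strlen(s) == 9 && s[0] == '_' && strspn(s + 1, B64) == 8;
}

/* Read 24 random bits from /dev/urandom (assumed present); 0 on success. */
int random24(uint32_t *out)
{
    unsigned char b[3] = {0};
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(b, 1, sizeof b, f);
    fclose(f);
    *out = (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16;
    return n == sizeof b ? 0 : -1;
}

int main(void)
{
    char setting[10];
    uint32_t salt;
    if (random24(&salt) != 0) return 1;
    make_setting(725, salt, setting); /* 725 is an illustrative count */
    puts(setting);                    /* use as the second argument to ./foo */
    return valid_setting(setting) ? 0 : 1;
}
```

A time-derived salt is predictable to anyone who knows roughly when the password was set, which is why this example draws the salt from the kernel's random source instead.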