Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Christophe Garault <christophe@...>
Subject: Re: PAM/passwd? and hash tables
Date: Tue, 15 Nov 2005 15:17:31 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Stuart Howard wrote :

>What method/cryptography is used to
>create the passwd hash under PAM ie. is it vunerable to rainbow type
>hash tables.

As I've spend some time to try understanding this by looking at the
source code, I think I can give you some tips.
Fisrt of all, have a look at your /etc/shadow where the encrypted
password is.
For example:
fabienne:$1$/oZtuVKk$dIY/JnsPaMF47Ai9SgacZ.:12789:0:99999:7:::

Fields are separated by a semicolon. So in the first one you have the
username, and in the second one there is the encrypted password but
this field is again separated in three new fields by a $ sign. So the
first one (1 in this case) is the encryption algorithm used (I'll have
to dive again in pam's sources to remember which number belongs to
wich encryption scheme). The second fields (/oZtuVKk) is the salt, and
the last one (dIY/JnsPaMF47Ai9SgacZ.) is the result of the encrypted
passwd+salt.

If you're interested to know more, I think I've allready posted a few
things some months agao, so I could try to search in my old mails if
you want to.

Have a nice day.
- --
Christophe Garault

ps: if someone tries to connect with this account, I'll ban him
forever... ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iD8DBQFDee37J5Nh3YMYAQsRAscjAJ4sQDFgx2XRb88gSGIWMKYEZCVNCQCfZNcz
cbfgQHdbBHP++E6K94hXXPA=
=eOVZ
-----END PGP SIGNATURE-----

-- 
gentoo-security@g.o mailing list


Replies:
Re: PAM/passwd? and hash tables
-- stian
References:
PAM/passwd? and hash tables
-- Stuart Howard
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: PAM/passwd? and hash tables
Next by thread:
Re: PAM/passwd? and hash tables
Previous by date:
Re: PAM/passwd? and hash tables
Next by date:
Re: PAM/passwd? and hash tables


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.