Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Stuart Howard <stuart.g.howard@...>
Subject: Re: PAM/passwd? and hash tables
Date: Tue, 15 Nov 2005 20:50:31 +0100
Thanks for the replies

I have done some further reading on the matter and seem to have come
across a paradox of sorts.
What got me intersted was that an article claiming that the hash
tables may be used for "evil " purposes but it was pointed out to me
that without the hash you have no comparison so what use is a hash
table, indeed you would also have had to gain access to the
/etc/shadow file to get the hash and since that requires root
priviledge it would seem you allready have a larger problem than
losing a password to clear text.
Of course I am only thinking of a remote login via 22 as that is what
primarily concerns me at the moment. So in short it seems I am safe
with my system as it is for now.

stu

ps on a side note
NBS DES
National Bureau of Standards Data Encryption Standard
http://www.garykessler.net/library/crypto.html#desmath



On 15/11/05, stian@... <stian@...> wrote:
> > Fields are separated by a semicolon. So in the first one you have the
> > username, and in the second one there is the encrypted password but
> > this field is again separated in three new fields by a $ sign. So the
> > first one (1 in this case) is the encryption algorithm used (I'll have
>
> $1$ meens MD5 (with salt). glibc crypt() function also reflects this. If
> the salt format doesn't match $1$xxxxxxx$ format, DES encryption is
> assumed, which has a very weak salt.
>
>
> Stian Skjelstad
> --
> gentoo-security@g.o mailing list
>
>


--
"There are 10 types of people in this world: those who understand
binary, those who don't"

--Unknown

-- 
gentoo-security@g.o mailing list


Replies:
Re: PAM/passwd? and hash tables
-- Richard M. Conlan
References:
PAM/passwd? and hash tables
-- Stuart Howard
Re: PAM/passwd? and hash tables
-- Christophe Garault
Re: PAM/passwd? and hash tables
-- stian
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: PAM/passwd? and hash tables
Next by thread:
Re: PAM/passwd? and hash tables
Previous by date:
Re: PAM/passwd? and hash tables
Next by date:
Re: PAM/passwd? and hash tables


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.