Gentoo Archives: gentoo-security

From: Stuart Howard <stuart.g.howard@×××××.com>
To: gentoo-security@l.g.o
Subject: [gentoo-security] PAM/passwd? and hash tables
Date: Tue, 15 Nov 2005 13:08:53
1 Hi
3 I read the following artivle
5 which has prompted me to reconsider my security setup, it is a home
6 system but with open ssh ports and similar.
7 My specific question is this - What method/cryptography is used to
8 create the passwd hash under PAM ie. is it vunerable to rainbow type
9 hash tables.
10 -----snip---- ^^ article
11 RainbowCrack Online will offer 11 tables covering six different hash
12 algorithms, including LanMan, MD5, MySQL 323, and SHA-1
13 -----snip-----
15 now that said it is quite possible that I have got the wrong end of
16 the stick so to speak, ie. I know that PAM handles login etc but is it
17 PAM that generates the hash of my chosen password?
18 If so can I expand my question to ask what program and further what
19 algorithm is used to do this task.
20 This is for my system of course but I guess the principle can be
21 applied to many systems.
24 As I was writing this I checked man passwd which seems to have
25 answered my question on the whole
26 ---snip---
27 The UNIX System encryption
28 method is based on the NBS DES algorithm and is very secure.
29 ---snip---
31 I have left my earlier question [more or less answered] just for some
32 confirmation, but the new point is -
33 Does the "NBS DES algorithm" come under the "salt" method? and is it
34 therefore immune to attacks of the hash table variety?
36 regards
38 stuart
40 ps. I know the above is a little disjointed but I am stumbling in the
41 dark a little here.
43 --
44 "There are 10 types of people in this world: those who understand
45 binary, those who don't"
47 --Unknown
49 --
50 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] PAM/passwd? and hash tables Sebastian Siewior <gentoo-security@×××××××××××××.cc>
Re: [gentoo-security] PAM/passwd? and hash tables Christophe Garault <christophe@×××××××.org>