info-cvs

Re: cvs with xinetd


From: Peter Ajamian
Subject: Re: cvs with xinetd
Date: Sat, 05 May 2001 11:16:20 -0700

Larry Jones wrote:
> 
> Then it would appear that RedHat and/or Linux in general implemented MD5
> passwords in a less than desirable fashion.  What they should have done
> is enhance crypt(3) to do MD5 based on the first character(s) of the
> salt;

They did (see below).

> Presumably, they've patched all of those that come with the
> system, which was undoubtedly a whole lot more work than doing it right
> would have been.

There really is no way to implement MD5 into crypt without patching all
the apps anyways because of the differences between MD5 and DES.  If you
tried to implement it transparently into crypt(), you'd end up with buffer
overruns in apps that use a static buffer initialized to a length of 14
(13 characters in DES plus terminating NUL), hence you'd break a lot of
apps.  Following are a few snippets from an info page I dug up on my
system...

File: libc.info,  Node: crypt
<snip>
 - Function: char * crypt (const char * KEY, const char * SALT)
<snip>
     The SALT parameter does two things.  Firstly, it selects which
     algorithm is used, the MD5-based one or the DES-based one.
<snip>
     For the MD5-based algorithm, the SALT should consist of the string
     `$1$', followed by up to 8 characters, terminated by either
     another `$' or the end of the string.  The result of `crypt' will
     be the SALT, followed by a `$' if the salt didn't end with one,
     followed by 22 characters from the alphabet `./0-9A-Za-z', up to
     34 characters total.  Every character in the KEY is significant.
<snip>

Regards, Peter
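
The length mismatch discussed in this message, as an added example (not part of the original post, and not CVS or glibc code): a C check that classifies a crypt(3) result by the two layouts quoted from the info page and refuses to copy it into a buffer it would overrun. The function names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DES_BUF 14  /* 13 characters plus NUL: the legacy static buffer */
#define MD5_BUF 35  /* up to 34 characters plus NUL, per the info page */
/* Constructed sample strings in the two layouts; not real password hashes. */
#define DES_SAMPLE "abJnggxhB/yJo"
#define MD5_SAMPLE "$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV"

/* True if s is exactly n characters, all from the alphabet ./0-9A-Za-z. */
static int is_hash_text(const char *s, size_t n) {
    static const char alphabet[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    return strlen(s) == n && strspn(s, alphabet) == n;
}

/* Buffer size a crypt(3) result needs (DES_BUF or MD5_BUF), or 0 if the
 * string matches neither layout described in the quoted info page. */
size_t crypt_buf_needed(const char *h) {
    if (strncmp(h, "$1$", 3) == 0) {
        const char *salt = h + 3;
        const char *end = strchr(salt, '$');   /* '$' that closes the salt */
        if (end == NULL || end - salt > 8) return 0;
        return is_hash_text(end + 1, 22) ? MD5_BUF : 0;
    }
    return is_hash_text(h, 13) ? DES_BUF : 0;
}

/* Copy h into dst only when it is well formed and fits, NUL included.
 * Returns 0 on success, -1 when h is malformed or would overrun dst. */
int store_hash(char *dst, size_t dstsz, const char *h) {
    size_t len = strlen(h);
    if (crypt_buf_needed(h) == 0 || len + 1 > dstsz) return -1;
    memcpy(dst, h, len + 1);
    return 0;
}

int main(void) {
    char legacy[DES_BUF];  /* what a DES-only application allocated */
    char wide[MD5_BUF];
    printf("DES into 14 bytes: %d\n", store_hash(legacy, sizeof legacy, DES_SAMPLE));
    printf("MD5 into 14 bytes: %d\n", store_hash(legacy, sizeof legacy, MD5_SAMPLE));
    printf("MD5 into 35 bytes: %d\n", store_hash(wide, sizeof wide, MD5_SAMPLE));
    return 0;
}
```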


