LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-24-2006, 12:25 AM   #1
granny
Member
 
Registered: Nov 2002
Distribution: RH
Posts: 141

Rep: Reputation: 15
grub-md5-crypt


Hey all,

Most MD5 hashing programs I have seen generate the same hash if you consistently use the same password. For example, if use a pass of "sup3rm@n" it would generate something like

1$\yuUhgbaW244HiplO09i

every time

I noticed that when I ran grub-md5crypt on my FC2 system, it never generated the same hash when using the same password.

Can anyone explain this, sorry if this such a n00b question.
 
Old 01-24-2006, 02:30 AM   #2
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 55
I think FC adds a salt before hashing the password, to prevent attacks based on prepared hash tables (dictionnary attack)
Could be
grub_hash(PASS)="SALT"+"MD5(SALT+PASS)"
The SALT is choosen randomly everytime you change the password.

If a user comes with a list like this:
MD5(l33t)=x
MD5(passw0rd)=y
MD5(123456)=z
..
(big file containing hashes of easy passwords)

then he cannnot compare grub_hash with x,y,z because
grub_hash(passw0rd)="21E4"+MD5("21E4passw0rd")
and he has not prepared MD5(21E4passw0rd) because its not a dictionnary word.
Adds a little layer.

Maybe from one install of redhat to another, the md5 would not be the same...
 
Old 01-24-2006, 12:41 PM   #3
granny
Member
 
Registered: Nov 2002
Distribution: RH
Posts: 141

Original Poster
Rep: Reputation: 15
Thanks! I figured it was something like that.
 
Old 01-24-2006, 01:20 PM   #4
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 55
But the problem remains for RH , strange. Is it an old RH?
Anyway, I don't see why somebody from outside would crack your grub password
And its pretty easy to remove this password if you have physical access
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
No Crypt AMMullan Linux - Software 4 08-08-2007 03:48 AM
LXer: Secure Java Apps on Linux using MD5 Crypt LXer Syndicated Linux News 0 01-13-2006 05:01 AM
dm-crypt rino.caldelli Linux - Software 1 07-28-2005 09:06 PM
Does AIX5.2 use crypt or md5 synthol6 AIX 1 07-26-2004 08:08 AM
Crypt help liguorir Linux - Security 2 05-11-2004 09:44 AM


All times are GMT -5. The time now is 05:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration