LinuxQuestions.org
Old 04-24-2005, 07:59 AM   #1
shivaligupta
Member
 
Registered: Oct 2004
Posts: 45

Rep: Reputation: 15
encryption algorithm in fedora plz help


I want to know which encryption algorithm has been used to encrypt the passwords stored in the /etc/shadow file. From which variable can I get info about this?

Last edited by shivaligupta; 04-25-2005 at 12:20 AM.
 
Old 04-24-2005, 08:30 AM   #2
alred
Member
 
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
it's a one-way hash function,
below is a link to shadow and its use in C:

http://www.linuxselfhelp.com/howtos/...OWTO.html#toc2
 
Old 04-24-2005, 08:39 AM   #3
shivaligupta
Member
 
Registered: Oct 2004
Posts: 45

Original Poster
Rep: Reputation: 15
crypt not applicable here

"crypt is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search."

I have Fedora Core 2 installed on my system. The crypt function returns a pointer to a 13-character string, i.e. it uses the DES algorithm to encrypt the password and after encryption returns a 13-character string.

But when I looked at the /etc/shadow file of my system, it contains a 34-character string as the encrypted password. So I guess DES has not been used but some other algo has been used. I want to know which one?
And then which functions can be used to encrypt and decrypt such passwords?
And which variable tells which algorithm has been used?
 
Old 04-24-2005, 04:32 PM   #4
alred
Member
 
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
after looking at the source, it looks like they are using md5 with crypt()
you can check with these source files from the "shadow-4.0.7" package:
encrypt.c
salt.c
pwdauth.c

for my linux, if i want to encrypt with md5 shadow,
i need to compile the package to get libshadow.a,
then use the function "pw_encrypt(const char *clear, const char *salt)"
i also need to adapt the function "crypt_make_salt (void)" from salt.c

below is some code (no checking/debug, just for compile/test) that links with libshadow.a
gcc 001.c -o 001 -lshadow -lcrypt

Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <sys/time.h>
#include <time.h>	/* clock() */
#include <pwd.h>
#include <shadow.h>

extern char *l64a(long);
/* provided by libshadow.a (built from the shadow-4.0.7 package) */
extern char *pw_encrypt(const char *clear, const char *salt);
//#define crypt pw_encrypt

/* adapted from salt.c: builds "$1$" followed by up to 8 salt characters */
char *crypt_make_salt(void)
{
	struct timeval tv;
	static char result[40];

	strcpy(result, "$1$");	/* magic for the new MD5 crypt() */

	/* Generate 8 chars of salt, the old crypt() will use only first 2. */
	gettimeofday(&tv, NULL);
	strcat(result, l64a(tv.tv_usec));
	strcat(result, l64a(tv.tv_sec + getpid() + clock()));

	if (strlen(result) > 3 + 8)	/* magic+salt */
		result[11] = '\0';

	return result;
}

int main(void)
{
	char *salt;
	char *cp;
	char *CryptP;
	char *NCryptP;
	struct spwd *spwd;

	// pw = getpwnam("userName");
	spwd = getspnam("userName");
	if (spwd == NULL) {
		/* no such user, or no permission to read /etc/shadow */
		fprintf(stderr, "getspnam failed for userName\n");
		return 1;
	}
	cp = spwd->sp_pwdp;

	/* check for matching userName/password:
	   the stored hash is passed as the salt argument */
	CryptP = pw_encrypt("userPassword", cp);
	if (strcmp(CryptP, cp) == 0)
		printf("\nCorrect password   = %s \n", CryptP);
	else
		printf("Fail password      = %s \n", CryptP);
	printf("spwd->sp_pwdp      = %s \n", cp);

	/* create new MD5 crypt password */
	salt = crypt_make_salt();
	NCryptP = pw_encrypt("myPassword", salt);
	printf("\nNew password       = %s \n", NCryptP);
	printf("salt               = %s \n\n", salt);

	return 0;
}
i'm still not sure whether this is the correct way to work with shadow,
there might be a better or more straightforward way,
it's better to verify with someone experienced in shadow or cryptography

hope that this can at least help you in some way or other

Last edited by alred; 04-24-2005 at 04:43 PM.
 
Old 04-24-2005, 11:56 PM   #5
shivaligupta
Member
 
Registered: Oct 2004
Posts: 45

Original Poster
Rep: Reputation: 15
which variable tells that which encryption algo has been used?

Thanks for the reply. It worked on my Fedora.
But sir, I have to make my program generic,
so plz tell me from which variable or environment variable we can come to know which encryption algorithm has been used, so that I can use different ALGORITHMS FOR different encryption.
Or from which file we can know this.
 
Old 04-25-2005, 12:08 AM   #6
rununix
LQ Newbie
 
Registered: Aug 2004
Posts: 20

Rep: Reputation: 0
It depends on OS, I don't believe anything is written into the environment. Your attempts "to make things generic" are puzzling because you have to be aware of the fact that different unixes do things differently. Please elaborate.
 
Old 04-25-2005, 12:17 AM   #7
shivaligupta
Member
 
Registered: Oct 2004
Posts: 45

Original Poster
Rep: Reputation: 15
I agree that different OSes work differently. But for every OS it is stored somewhere which encryption algorithm has been implemented.

I am writing some code and I want only a person who knows the root password to be able to execute it.
When some user other than root executes it, I ask the user for the root password. Then I need to compare that password with the one that is stored in /etc/shadow. For that I need to encrypt the password entered by the user, and for this I need to know which encryption algorithm has been used on the system.

e.g. in my Fedora MD5 has been used, in SUSE, DES has been used. I have to run my code on both platforms.
 
Old 04-25-2005, 12:24 AM   #8
alred
Member
 
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
i think when we are using crypt or pw_encrypt they will check for the first three magic chars "$1$"; if present they will do md5 crypting, if not it may fall back to the old crypt. this is for checking password/userName
as for encryption it's better to use the new md5 crypt. i suspect there are some attempts at "standardisation" in applications using shadow like ppp and ftp etc., in the kernel or GCC itself, for using the newer crypt.

just for reference, there's a define in getdef.c using "/etc/login.defs"
Code:
{ "MD5_CRYPT_ENAB",		NULL },
we may need to step through some source files from the "shadow-4.0.7" package in order to understand more.
it's kind of fun
 
Old 04-25-2005, 12:42 AM   #9
alred
Member
 
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
Quote:
by shivaligupta
eg: in my fedora MD5 has been used, in SUSE, DES has been used. I have to run my code on both platforms.
if so, you can code your app to check for the first three magic chars "$1$" in the supplied password and use the desired crypt function for your SUSE
 
Old 04-25-2005, 12:56 AM   #10
shivaligupta
Member
 
Registered: Oct 2004
Posts: 45

Original Poster
Rep: Reputation: 15
Thanks for the quick response.
Using this method I have to download shadow-4.0.7 and then proceed further.
Can you suggest some other direct method?
 
Old 04-25-2005, 01:09 AM   #11
alred
Member
 
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
taken from encrypt.c
Code:
if (strncmp(salt, "$1$", 3) == 0)
right now i'm not aware of a "direct method"
you might need to download shadow-4.0.7, you don't need to install it,
just compile and get "libshadow.a" and link (static?) it to your program. The compilation is very fast.

as i mentioned, it's worth looking at encrypt.c, salt.c, pwdauth.c and adduser.c
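
The "$1$" prefix check discussed in this thread, as an added example (not code from the thread or from the shadow package): it classifies the password field of an /etc/shadow entry by its `$id$` prefix and also handles the 13-character DES case and locked entries. The identifiers beyond `$1$` go further than the thread does; the function names are hypothetical and the sample entry is constructed.

```c
#include <stdio.h>
#include <string.h>

/* "$id$" prefixes of the modular crypt format and the scheme each selects. */
static const char *const IDS[][2] = {
    {"1", "md5"}, {"2a", "bcrypt"}, {"2b", "bcrypt"}, {"2y", "bcrypt"},
    {"5", "sha256"}, {"6", "sha512"}, {"y", "yescrypt"},
};

/* Classify the password field (2nd field) of an /etc/shadow entry. */
const char *shadow_scheme(const char *field)
{
    const char *end;
    size_t i, idlen;
    if (field == NULL || *field == '\0')
        return "empty";              /* no password set */
    if (*field == '!' || *field == '*')
        return "locked";             /* locked or disabled entry */
    if (*field != '$')               /* classic DES: 2 salt + 11 hash chars */
        return strlen(field) == 13 ? "des" : "unknown";
    if ((end = strchr(field + 1, '$')) == NULL)
        return "unknown";
    idlen = (size_t)(end - field - 1);
    for (i = 0; i < sizeof IDS / sizeof IDS[0]; i++)
        if (strlen(IDS[i][0]) == idlen && memcmp(field + 1, IDS[i][0], idlen) == 0)
            return IDS[i][1];
    return "unknown";
}

/* Classify a whole "user:field:..." line; NULL if the line is malformed. */
const char *shadow_line_scheme(const char *line)
{
    char field[256];
    const char *c1 = strchr(line, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    size_t n;
    if (c2 == NULL || (n = (size_t)(c2 - c1 - 1)) >= sizeof field)
        return NULL;
    memcpy(field, c1 + 1, n);
    field[n] = '\0';
    return shadow_scheme(field);
}

int main(void)
{
    /* Constructed entry: salt and hash characters are placeholders. */
    const char *line = "alice:$1$saltsalt$CONSTRUCTEDxxxxxxxxxxx:12900:0:99999:7:::";
    printf("%s\n", shadow_line_scheme(line));
    return 0;
}
```

glibc's crypt(3) does this prefix dispatch itself when the stored field is passed as the salt argument, so a verifier that compares crypt(entered, stored) with the stored field needs no per-distribution branch.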
 
  

