Linux password encryption and data encryption

Tux-Slack · 06-16-2007, 01:43 PM

I've heard Linux uses a one way encryption method for users password.
Where can I get a look at this code?
I want to make something like this for my own application, nothing else...

And for data encryption, is there a example for data encryption so I wouldn't store my data encryption in normal Text mode on the disk, so it will be stored encrypted.

wjevans_7d1@yahoo.co · 06-16-2007, 03:56 PM

This will not only answer your question. It will also give you a general guide on how to get the source for whatever was included in a stock installation of Slackware 11.

You're running Slackware 11, yes?

You have the Slackware CD's, yes? There are 6 of those puppies.

Mount CD 4. On that CD, go to the source directory. Read README.TXT; it will give you general directions on how to find the source for anything distributed with Slackware 11.

The first step is to see what login uses for passwords. So at your shell prompt, do a

Code:

which login

You'll get this as output:

Code:

/bin/login

Remove that first slash and do this:

Code:

grep bin/login /var/log/packages/*

You'll get something like this:

Code:

/var/log/packages/heimdal-0.7-i486-2frg:opt/heimdal/bin/login
/var/log/packages/ppp-2.4.4b1-i486-1:usr/sbin/login.radius
/var/log/packages/shadow-4.0.3-i486-13:bin/login

The final line looks promising, yes?

README.TXT is a little sketchy here. But take everything on that final line before the colon (":"), and look at that file:

Code:

grep LOCATION /var/log/packages/shadow-4.0.3-i486-13

You'll get output that looks like this:

Code:

PACKAGE LOCATION: /var/log/mount/slackware/a/shadow-4.0.3-i486-13.tgz

See that single letter that appears after the slackware/? The "a"? Go to the source/a directory on the CDROM. (Notice that not all letters are represented there. You may have to go to CD 5 or 6 for some letters, such as t and x. And some of them are not single letters at all, but short strings such as tcl and xap. But in your situation, just stay with CD 4, because you can see that the CD directory source contains subdirectory a.)

Do an ls in that directory, and you'll see a shadow subdirectory. Go to that directory and copy file shadow-4.0.3.tar.bz2 to someplace on your hard drive, preferably in a directory of its own. Then, in that directory:

Code:

tar -xvjf shadow-4.0.3.tar.bz2

Look around in the shadow-4.0.3/src directory, and you'll find about 7 calls to function pw_encrypt. That sounds close to what you want, right? But the function is only called here, not defined here. So close, but not yet!

Go back up to the shadow-4.0.3 directory and do this:

Code:

grep -lR pw_encrypt .

You'll get this:

Code:

./libmisc/salt.c
./libmisc/valid.c
./lib/dialchk.c
./lib/encrypt.c
./lib/prototypes.h
./lib/pwauth.c
./src/chpasswd.c
./src/dpasswd.c
./src/gpasswd.c
./src/newgrp.c
./src/newusers.c
./src/passwd.c
./contrib/pwdauth.c

Bob's your uncle.

Hope this helps.

chrism01 · 06-17-2007, 12:33 AM

Now you've followed the above good advice, for file encryption you'll prob use GPG, whose home is here
http://www.gnupg.org/
and is installed (on my Fedora Core 6) in /usr/bin/gpg. Try which gpg to find it on yours.
Note that in this case, you should just be able to use the tool as installed, ie you don't need to read the source.

Tux-Slack · 06-19-2007, 10:59 AM

Well this is for a cross-platform app, so I inteand to read the source

Thank you both.

chrism01 · 06-20-2007, 06:46 AM

Get downloads from here: http://www.gnupg.org/download/ for most OSes.
It's generally not recommended to implement your own code, it's trickier than it looks to avoid introducing weaknesses.
(Assuming this is for a serious app)