Re: passwd hashing algorithm

Paul C Leyland (pcl@foo.oucs.ox.ac.uk)
Thu, 20 Apr 1995 12:29:46 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: ADMINISTRATOR.ROUTER@smrouter.AAC.COM: "ERROR REPLY: Re: Kerberos availability (Re: NIS)"
Previous message: Bernd Lehle: "How to join list ?"
Maybe in reply to: Dave Stagner: "passwd hashing algorithm"
Next in thread: John F. Haugh II: "Re: passwd hashing algorithm"

"David A. Wagner" <dawagner@phoenix.Princeton.EDU> wrote:

> > > > > 1. 25 iterations of DES with the first 8 bytes of the
> > > > >    password as key, followed by 25 iterations of DES
> > > > >    with the second 8 bytes of password as key.
> > 
> > You've obviously got something else in mind.  By all means, please tell 
> > me how you're going to do it in 2^32 DES steps (still 2^35 (32 GB) bytes of 
> > storage, a non-trivial sum.)  Details and crypto-babble welcome:)
> > 
> 
> Ok, here's the explanation.  I'd love to hear feedback about
> whether this is on charter for bugtraq; if it's not, email me
> and I'll avoid spamming y'all in the future.

Likewise, if the appended source code for my re-implementation of
DEC's buggy crypt16() is unacceptable.

> I'm interested in hearing more information about the
> OSF/1 or Ultrix hash function -- is there any place where
> I can get source or anything?  I have access to one OSF/1
> box, but it doesn't have any man pages or anything on a
> crypt16().

Below is the stuff I wrote for Michael Glad's UFC to implement
crypt16().  If you need more context, you'll need to get hold of UFC
from your favourite crypto archive.

Unfortunately, I've lost my re-discovery of the OSF/1 bigcrypt()
algorithm.  DEC are *very* reticent about letting details out and its
documentation is virtually non-existent.  However, examination of the
contents of /tcb/files/auth/p/pcl as I changed my password, together
with a few astute guesses, was all that were required.

If I find the bigcrypt() code again, I'll post it.

Paul

8<---------------------------Snipped from UFC----------------------->8

/* 
 * Ultrix crypt16 function, thanks to pcl@convex.oxford.ac.uk (Paul Leyland)
 */
   
char *crypt16(key, salt)
  char *key, *salt;
  { ufc_long *s, *t;
    char ktab[9], ttab[9];
    static char q[14], res[25];
    /*
     * Hack DES tables according to salt
     */
    setup_salt(salt);
    
    /*
     * Setup key schedule
     */
    clearmem(ktab, sizeof ktab);
    (void)strncpy(ktab, key, 8);
    ufc_mk_keytab(ktab);
    
    /*
     * Go for first 20 DES encryptions
     */
    s = _ufc_doit((ufc_long)0, (ufc_long)0, 
		  (ufc_long)0, (ufc_long)0, (ufc_long)20);
    
    /*
     * And convert back to 6 bit ASCII
     */
    strcpy (res, output_conversion(s[0], s[1], salt));
    
    clearmem(ttab, sizeof ttab);
    if (strlen (key) > 8) (void)strncpy(ttab, key+8, 8);
    ufc_mk_keytab(ttab);
    
    /*
     * Go for second 5 DES encryptions
     */
    t = _ufc_doit((ufc_long)0, (ufc_long)0, 
		  (ufc_long)0, (ufc_long)0, (ufc_long)5);
    /*
     * And convert back to 6 bit ASCII
     */
    strcpy (q, output_conversion(t[0], t[1], salt));
    strcpy (res+13, q+2);
    
    clearmem(ktab, sizeof ktab);
    (void)strncpy(ktab, key, 8);
    ufc_mk_keytab(ktab);
    
    return res;
  }

Next message: ADMINISTRATOR.ROUTER@smrouter.AAC.COM: "ERROR REPLY: Re: Kerberos availability (Re: NIS)"
Previous message: Bernd Lehle: "How to join list ?"
Maybe in reply to: Dave Stagner: "passwd hashing algorithm"
Next in thread: John F. Haugh II: "Re: passwd hashing algorithm"