unix crypt() vs. AIX crypt()

Post by Thomas H. Ptac » Sat, 22 Nov 1997 04:00:00




>OpenBSD can use any of the following formats:

Yeah, this is quite cool. Which scheme is the default?

--
-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                         "mmm... sacrilicious"

 
 
 

Post by Theo de Raad » Sat, 22 Nov 1997 04:00:00




> >OpenBSD can use any of the following formats:

> Yeah, this is quite cool. Which scheme is the default?

Here is the default configuration file:

(Note how non-YP and YP ciphers are controlled separately. This lets
us deal correctly in case the YP server is not capable of handling our
blowfish passwords.  That hack is a bit ugly, I guess, but some people
need that).

#       $OpenBSD: passwd.conf,v 1.6 1997/04/14 22:26:21 provos Exp $
#
# Passwd configuration file
#
# Possible stanzas are:
#       'default', username or .groupname
# Possible options are at the moment:
#       localcipher, ypcipher
# they can take values of
#       old             - old unix style salt of 12bit (YP compatible)
#       newsalt         - DES hash with salt of 64 bit
#       md5             - MD5 hashing algorithm
#       blowfish,x      - Blowfish cipher, 2^x is number of rounds (BEST!)
#                         128 bit salt, 2^4 rounds are min, 2^31 max
#
# EXAMPLE to give members of group .wheel blowfish passwords
#.wheel:
#        localcipher=blowfish,6

default:
        localcipher=blowfish,5
        ypcipher=old

root:
        localcipher=blowfish,7

--

www.OpenBSD.org -- We're fixing security problems so you can sleep at night.
(If it wasn't so fascinating I might get some sleep myself...)
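
An added example, not part of the original post or of OpenBSD's own code: a small parser for the stanza format shown in the quoted passwd.conf that validates cipher values against the documented bounds and resolves the cipher for a user. The lookup order (user, then .group, then default) and all function names are assumptions.

```python
import re

# Cipher names and round bounds come from the comments in the quoted
# passwd.conf; function names and lookup order are assumptions.
SIMPLE_CIPHERS = {"old", "newsalt", "md5"}
OPTIONS = {"localcipher", "ypcipher"}
MIN_LOG_ROUNDS, MAX_LOG_ROUNDS = 4, 31

def check_cipher(value):
    # Returns (name, log2_rounds or None); raises ValueError if invalid.
    if value in SIMPLE_CIPHERS:
        return value, None
    m = re.fullmatch(r"blowfish,(\d+)", value)
    if not m:
        raise ValueError(f"unknown cipher {value!r}")
    log_rounds = int(m.group(1))
    if not MIN_LOG_ROUNDS <= log_rounds <= MAX_LOG_ROUNDS:
        raise ValueError(f"blowfish rounds 2^{log_rounds} out of range")
    return "blowfish", log_rounds

def parse_passwd_conf(text):
    """Parse stanzas into {stanza: {option: (cipher, log2_rounds)}}."""
    conf, stanza = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace() and line.endswith(":"):
            stanza = line[:-1]                 # 'default', user or .group
            continue
        key, sep, value = line.strip().partition("=")
        if stanza is None or not sep or key not in OPTIONS:
            raise ValueError(f"line {lineno}: bad option {raw!r}")
        conf.setdefault(stanza, {})[key] = check_cipher(value.strip())
    return conf

def effective_cipher(conf, user, groups=(), option="localcipher"):
    # Assumed lookup order: user stanza, then .group stanzas, then default.
    for name in [user, *("." + g for g in groups), "default"]:
        if option in conf.get(name, {}):
            return conf[name][option]

# Constructed sample mirroring the active stanzas of the quoted file.
SAMPLE = """\
default:
        localcipher=blowfish,5
        ypcipher=old
root:
        localcipher=blowfish,7
"""
```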

 
 
 

Post by Thomas H. Ptac » Sat, 22 Nov 1997 04:00:00



>(someone correct me if I'm wrong)  I'm fairly certain all UNIX platforms use
>the same scheme by default.  At work, we have seven platforms (including AIX

FreeBSD uses an MD5 hashing scheme by default.
OpenBSD uses a Blowfish scheme.

Neither of these are compatible with traditional Unix DES crypt.

--
-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                         "mmm... sacrilicious"

 
 
 

Post by Theo Van Dinte » Sat, 22 Nov 1997 04:00:00



> Both algorithms use a perturbed DES algorithm.  Does any one know if OS's use
> the same type of perturbation (salt) and write the encrypted passwords in the
> same format?

(someone correct me if I'm wrong)  I'm fairly certain all UNIX platforms use
the same scheme by default.  At work, we have seven platforms (including AIX
and Linux) that run off of the NIS password map.  Since all of the platforms
use the same encrypted password for verification, I can only assume it's the
same scheme all around.
 
 
 

Post by Theo de Raad » Sat, 22 Nov 1997 04:00:00




> >(someone correct me if I'm wrong)  I'm fairly certain all UNIX platforms use
> >the same scheme by default.  At work, we have seven platforms (including AIX

> FreeBSD uses an MD5 hashing scheme by default.
> OpenBSD uses a Blowfish scheme.

> Neither of these are compatible with traditional Unix DES crypt.

OpenBSD can use any of the following formats:

Normal DES
Ancient non-salted DES
FreeBSD-compatible MD5
Our own Blowfish-based bcrypt()

You can configure what password types are used on a user or group basis.

--

www.OpenBSD.org -- We're fixing security problems so you can sleep at night.
(If it wasn't so fascinating I might get some sleep myself...)
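
An added example, not from the original post: a check that classifies the password field of each entry in a passwd map and reports the entries a DES-only crypt() could not verify, which is the compatibility problem discussed in this thread. The `$1$` and `$2a$` prefixes and the field lengths are the conventional encodings of these schemes and are assumptions not stated in the posts; the sample map is constructed.

```python
import re

B64 = "[./0-9A-Za-z]"
# Conventional string shapes (assumed, not given in the thread). Formats
# not listed here, such as the extended-salt DES variant, report "unknown".
FORMATS = [
    ("des", re.compile(B64 + "{13}")),                          # 2 salt + 11 hash
    ("md5", re.compile(r"\$1\$[^$:]{1,8}\$" + B64 + "{22}")),   # FreeBSD-style MD5
    ("blowfish", re.compile(r"\$2[ab]?\$\d\d\$" + B64 + "{53}")),  # bcrypt
]

def classify(field):
    """Name the scheme of one password field from a passwd map."""
    if field == "" or field[0] in "*!":
        return "locked"            # no usable hash stored
    for name, pattern in FORMATS:
        if pattern.fullmatch(field):
            return name
    return "unknown"

def des_incompatible(passwd_map):
    """Return [(user, scheme)] for entries a DES-only crypt() cannot verify."""
    findings = []
    for line in passwd_map.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 2:
            continue
        scheme = classify(parts[1])
        if scheme not in ("des", "locked"):
            findings.append((parts[0], scheme))
    return findings

# Constructed sample map; the hash bodies are filler, not real hashes.
SAMPLE_MAP = "\n".join([
    "alice:abJnggxhB/yWI:1001:100::/home/alice:/bin/sh",
    "bob:$1$saltsalt$" + "A" * 22 + ":1002:100::/home/bob:/bin/sh",
    "carol:$2a$05$" + "B" * 53 + ":1003:100::/home/carol:/bin/sh",
    "daemon:*:1:1::/:/sbin/nologin",
])
```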

 
 
 

Post by Timothy J. L » Sat, 22 Nov 1997 04:00:00


|FreeBSD uses an MD5 hashing scheme by default.
|OpenBSD uses a Blowfish scheme.
|
|Neither of these are compatible with traditional Unix DES crypt.

Are any other Unix vendors considering supporting additional password
hashing mechanisms?  Is there likely to be any kind of standard in the
future for non-DES password hashing mechanisms?

--
------------------------------------------------------------------------

Unsolicited bulk or commercial email is not welcome.             netcom.com
No warranty of any kind is provided with this message.

 
 
 

Post by Peter F. Curr » Mon, 24 Nov 1997 04:00:00





>|FreeBSD uses an MD5 hashing scheme by default.
>|OpenBSD uses a Blowfish scheme.
>|
>|Neither of these are compatible with traditional Unix DES crypt.

>Are any other Unix vendors considering supporting additional password
>hashing mechanisms?  Is there likely to be any kind of standard in the
>future for non-DES password hashing mechanisms?

Linux systems and a few others are now able to use PAM (Pluggable
Authentication Modules), which separates the encryption scheme from the
application by use of a library and API.  You can have a PAM for shadow
passwords, regular passwords, Kerberos, or any other type of scheme
including improved encryption methods.

--
     Peter F Curran
     Rensselaer Polytechnic Institute


Use address in Organization line, finger
for PGP key.  Antispaam test in progress.

 
 
 

1. passwd hashing methods Re: unix crypt() vs. AIX crypt()


Here at Stanford, we're proposing a password hashing algorithm
based on discrete exponentiation.  Not only does it make the
password file harder to brute-force, but it also enables secure
network logins that are completely immune to both sniffers and
active (e.g. man-in-the-middle) attacks.  I've got it up and running
on my RH4.1 Linux box with PAM support.
See <http://srp.stanford.edu/srp/> for details and software.
--


  Phone: (650) 725-6969                       in what you accept from others."
   http://www-cs-students.stanford.edu/~tjw/                Visit my homepage!
