Bugtraq mailing list archives
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
From: "Mike Fratto" <mfratto () nwc com>
Date: Thu, 21 Apr 2005 17:14:47 -0400
The salt isn't always known... I don't know how an unprivledged user on a system w/ /etc/shadow could get at it anyway. I'm sure alot of people would be very anxious to know if you know of a way to do that...
The salt is known, just not by an unpriveledged user. But if you can access /etc/shadow, then you know the salt and the hashed passwords. The salt is added (dunno where in the original string) to the password prior to hashing. Then the salt is prepended to the hased value and stored somewhere, in your case, /etc/shadow. For a salt to be usable, you have to know what it is. Secure hashes are "one way" which means that you shouldn't be able to derive the original text solely from the hash value. To create password: create 2 byte salt from ASCII -> prepend salt to password -> hash salt+password with MD5 -> prepend salt to hash value -> store it. To check password: get username and password -> lookup hash string using username from /etc/shadow -> get salt from hash value -> hash salt+password with MD5 -> compare value computed hash value from stored hash value -> If match, user authenticated, if not, user not authenticated. So if you hash a password with a salt, and then lose the salt, you can never check the password again. You have to know salt. Since the salt is known, it has no effect on the "keyspace" because you don't have to guess it. If there was no salt, then pre-computing a dictionary is a much smaller task. mike
Current thread:
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, (continued)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Joshua D. Drake (Apr 21)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 21)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Lance James (Apr 21)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tino Wildenhain (Apr 21)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Rod Taylor (Apr 21)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Tino Wildenhain (Apr 21)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Michael Samuel (Apr 22)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim Knoble (Apr 21)
- RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto (Apr 21)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 21)
- RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto (Apr 22)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 22)
- RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto (Apr 22)
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim Knoble (Apr 22)