[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: md5 BSD passwd was [crypt MD5 passwords: invalid credentials]
On Wed, 28 Mar 2001, Paulo Matos wrote:
> wcoole> I can see why you'd think that. It looks like OpenSSL 0.9.6 supports MD5
> wcoole> passwords now to; I see in the change log:
> wcoole>
> wcoole> *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
> wcoole> [Bodo Moeller]
>
> This is indeed true, openssl-0.9.6 can generate '$1$.....' passwd.
> I think the problem is when you have to use function crypt(3), the
> salt where the 2 first chars, and now the salt is $1$.....$ (variable).
I was wrong! It has an error on BSD-style MD5 passwd generation on
openssl-0.9.6! The explanation is bellow:
|
|[From openssl-users list]
|
|> Changes between 0.9.7 and 0.9.6 (from CVS)
|> *) Fix 'openssl passwd -1'.
|> [Bodo Moeller]
|>
|> Changes between 0.9.6 and 0.9.5a
|> *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
|> [Bodo Moeller]
|>
|> What was wrong?
|
|The version in OpenSSL 0.9.6 incorrectly assumed that the magic string
|was 4 bytes long (which is correct for the Apache variant ["apr1"],
|but not for the original scheme ["1"]).
|
|--
|Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de>
|
I tested 'openssl-0.9.6a-beta2' and the passwd is now working
correctly.
--
Paulo Matos
----------------------------------- ----------------------------------
|Sys & Net Admin | Serviço de Informática |
|Faculdade de Ciências e Tecnologia | Tel: +351-21-2941346 |
|Universidade Nova de Lisboa | Fax: +351-21-2948548 |
|P-2825-114 Caparica | e-Mail: pjsm@fct.unl.pt |
----------------------------------- ----------------------------------