Bug#260356: The md5crypt command appears to generate invalid encrypted passwords
Andrew Pollock
Andrew Pollock <apollock@debian.org>, 260356@bugs.debian.org
Tue, 20 Jul 2004 16:14:30 +1000
Package: grub
Version: 0.95+cvs20040624-3
Severity: normal
Hi,
>From what I can determine, the md5crypt command is generating an
encrypted password with a salt length of 6 characters, whereas a true
MD5 password has a salt length of 8 characters.
Furthermore, if I generate such an encrypted password with the md5crypt
command and bung it in menu.lst with a password --md5 directive, it
doesn't appear to actually work (i.e. GRUB doesn't accept the password
as correct when you try to enter it in after pressing 'p').
If I generate an MD5 password with mkpasswd from whois, and put that in
menu.lst, it does work. mkpasswd generates an MD5 password with an 8
character long salt.
regards
Andrew
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.6-1-686
Locale: LANG=en_AU, LC_CTYPE=en_AU
Versions of packages grub depends on:
ii libc6 2.3.2.ds1-13 GNU C Library: Shared libraries an
ii libncurses5 5.4-4 Shared libraries for terminal hand
-- no debconf information