[Pkg-shadow-devel] Bug#505640: Bug#505640: closed by Nicolas François <nicolas.francois at centraliens.net> (Re: Bug#505640: generate hashed passwords to stdout for other tools)
Kees Cook
kees at debian.org
Mon Apr 6 19:30:49 UTC 2009
On Mon, Apr 06, 2009 at 06:59:01AM +0200, Nicolas François wrote:
> On Sun, Apr 05, 2009 at 06:03:56PM -0700, kees at debian.org wrote:
> > On Sun Apr 5, 2009, Nicolas François said:
> > > On Thu, Nov 13, 2008 at 04:43:51PM -0800, Kees Cook wrote:
> > > > There are situations where a non-root user needs to generate an encrypted
> > > > password using the current system configuration (i.e. following the
> > > > settings in /etc/login.defs). As an example, liboobs passes an encrypted
> > > > password to system-tools-backends which then calls "chpasswd -e".
> > >
> > > This feature is provided by mkpasswd.
> >
> > I don't agree with this -- mkpasswd takes a salt as an input, which means
> > knowledge of the salt must be external to mkpasswd. For tools like
> > system-tools-backends, there needs to be an agnostic way to generate a
> > hashed password (including salt) from a given plain text.
>
> mkpasswd takes a salt in input if a salt is provided. Otherwise, it just
> generates its own salt.
> And unless proved otherwise, this salt is as good as shadow's one.
>
> For example:
> echo test | mkpasswd -m SHA-256 -s
Ah, yes, you seem to be right about salt -- it is handled. However,
there is still the case of choosing the system-configured hash method.
> > While certainly true, there is still a need external to PAM, for
> > this utility. By this rationale, /etc/login.defs should not include
> > ENCRYPT_METHOD or any other crypt/hash-related knowledge,
>
> I'm targeting this.
What are your thoughts on how to detect what PAM has configured as the
default hash method for pam_unix.so?
> The main functionality of a salt is randomness. I really do not see a
> need to standardize this randomness, and the salt from mkpasswd is good
> enough for me.
Right, my concern was the length of the salt -- it depends on the hash
method. However, it seems that mkpasswd handles this. (Why is this tool
in "whois"?!)
Speaking for randomness, I think mkpasswd is totally wrong:
srand(time(NULL) + getpid());
This needs to at least use /dev/urandom, or sec+usec as done in shadow.
I don't feel that mkpasswd is a viable replacement.
> I would not recommend to use the shadow tools to generate hashed password
> for algorithm that may not be supported by the authentication system,
> which is why I would like to move the ENCRYPT_METHOD configuration out on
> PAM enabled systems.
Right, this is only sane for supported hashing methods, but PAM tracks
glibc in this regard, so I'm not worried.
--
Kees Cook @debian.org
More information about the Pkg-shadow-devel
mailing list