[tac_plus] Patch for md5 salt in tac_pwd

[Daniel Schmidt]

Actually, 6 is not DES, it's SHA-512.  Works great on my cent5.  Good
point, I guess salt can be up to 16.  Thought I read that linux logins use
8, so that's what I picked.

I really was not motivated to make the best hash possible, I only wanted
something that was like tac_pwd, was cgi, and oh, hey, why not make it
stronger encryption at the same time.  (My first revision actually was
md5) Salt, shmalt - it's stronger than MD5 and messing with the salt would
take upwards of another 15 minutes.  I'm just not that motivated. :-)

-----Original Message-----
From: nicotine at radiological.warningg.com
[mailto:nicotine at radiological.warningg.com] On Behalf Of Brandon Ewing
Sent: Wednesday, May 04, 2011 12:28 PM
To: Daniel Schmidt
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] Patch for md5 salt in tac_pwd

On Wed, May 04, 2011 at 10:38:44AM -0600, Daniel Schmidt wrote:
> Good idea, tac_pwd has needed an update.  Last I asked, I believe
> Heasley had a good point about compatibility, but I can't remember what
it was.
>
> I wrote a simple python cgi script that outputs long hashes - not sure
> if anybody might find that useful.  Useful only for the truly paranoid
> who think md5 is not strong enough.  Also useful if your just want to
> send your users a URL instead of having them login to type their
password.
> Cent5.
>
> I was going to mess with the salt length but then I got lazy & 8
> seemed like a good number.  Was also going to have it edit
> tac_plus.conf but, again, lazy. (and busy)  Plz send feedback if:
(knowledge_crypto > mine).
>
> http://pastie.org/1864642
>

Does Python's crypt module rely on the underlying system library's crypt?
http://docs.python.org/release/2.5.2/lib/module-crypt.html seems to imply
so.

My "man 3 crypt" doesn't mention salts prefixed with $6$ -- see also
http://www.gnu.org/s/hello/manual/libc/crypt.html -- either a two
character salt is used (DES), or a 3 to 8 character salt, prefixed with
$1$ and optionally terminated with $ (MD5).  You might be on a system that
has a more robust crypt() than I that supports other encryption options --
but both the system running your script, and the system with the TACACS
daemon running on it require compatible crypt() functions.

Additionally, for the strongest salt, you should choose randomly from the
full salt character set -- [./a-zA-Z0-9] -- it appears that you are using
an artificially limited salt set, which could make a collision more likely
(two users with the same password and same salt).  Also, smaller salts
mean smaller rainbow tables could be generated to defeat it, but I'm not
an expert on cryptographic attacks and their feasibility.



-- 
Brandon Ewing
(nicotine at warningg.com)