[tac_plus] Patch for md5 salt in tac_pwd

Thu May 5 22:43:58 UTC 2011

I find that "openssl passwd" is a fine substitute for any and all hashing apps 
out there :-) Why rework the wheel?

With one exception: I haven't gotten openssl to do Apache digest hashes 
correctly yet, but that's a topic for a different mailing list altogether.

Apparently, though unproven, at 22:50 on Thursday 05 May 2011, Daniel Schmidt 
did opine thusly:

> Actually, 6 is not DES, it's SHA-512.  Works great on my cent5.  Good
> point, I guess salt can be up to 16.  Thought I read that linux logins use
> 8, so that's what I picked.
> 
> I really was not motivated to make the best hash possible, I only wanted
> something that was like tac_pwd, was cgi, and oh, hey, why not make it
> stronger encryption at the same time.  (My first revision actually was
> md5) Salt, shmalt - it's stronger than MD5 and messing with the salt would
> take upwards of another 15 minutes.  I'm just not that motivated. :-)
> 
> -----Original Message-----
> From: nicotine at radiological.warningg.com
> [mailto:nicotine at radiological.warningg.com] On Behalf Of Brandon Ewing
> Sent: Wednesday, May 04, 2011 12:28 PM
> To: Daniel Schmidt
> Cc: tac_plus at shrubbery.net
> Subject: Re: [tac_plus] Patch for md5 salt in tac_pwd
> 
> On Wed, May 04, 2011 at 10:38:44AM -0600, Daniel Schmidt wrote:
> > Good idea, tac_pwd has needed an update.  Last I asked, I believe
> > Heasley had a good point about compatibility, but I can't remember what
> 
> it was.
> 
> > I wrote a simple python cgi script that outputs long hashes - not sure
> > if anybody might find that useful.  Useful only for the truly paranoid
> > who think md5 is not strong enough.  Also useful if your just want to
> > send your users a URL instead of having them login to type their
> 
> password.
> 
> > Cent5.
> > 
> > I was going to mess with the salt length but then I got lazy & 8
> > seemed like a good number.  Was also going to have it edit
> 
> > tac_plus.conf but, again, lazy. (and busy)  Plz send feedback if:
> (knowledge_crypto > mine).
> 
> > http://pastie.org/1864642
> 
> Does Python's crypt module rely on the underlying system library's crypt?
> http://docs.python.org/release/2.5.2/lib/module-crypt.html seems to imply
> so.
> 
> My "man 3 crypt" doesn't mention salts prefixed with $6$ -- see also
> http://www.gnu.org/s/hello/manual/libc/crypt.html -- either a two
> character salt is used (DES), or a 3 to 8 character salt, prefixed with
> $1$ and optionally terminated with $ (MD5).  You might be on a system that
> has a more robust crypt() than I that supports other encryption options --
> but both the system running your script, and the system with the TACACS
> daemon running on it require compatible crypt() functions.
> 
> Additionally, for the strongest salt, you should choose randomly from the
> full salt character set -- [./a-zA-Z0-9] -- it appears that you are using
> an artificially limited salt set, which could make a collision more likely
> (two users with the same password and same salt).  Also, smaller salts
> mean smaller rainbow tables could be generated to defeat it, but I'm not
> an expert on cryptographic attacks and their feasibility.

-- 
alan dot mckinnon at gmail dot com