Re: user authentication via /etc/passwd|/etc/shadow
From: Marco Herrn (herrn_at_gmx.net)
Date: 04/06/04
- In reply to: Martin v. Löwis: "Re: user authentication via /etc/passwd|/etc/shadow"
- Next in thread: Ng Pheng Siong: "Re: user authentication via /etc/passwd|/etc/shadow"
- Reply: Ng Pheng Siong: "Re: user authentication via /etc/passwd|/etc/shadow"
Date: 6 Apr 2004 20:52:54 GMT
On 2004-04-04, Martin v. Löwis <martin@v.loewis.de> wrote:
> You need a combination of the pwd and crypt modules. Look up the name
> of the user using the pwd module, and fetch the encrypted password.
> Then use crypt.crypt for encryption; use the first two letters of
> the encrypted password as the salt.
>
> Be aware that some installations use MD5 passwords, which can be
> recognized by starting with $1$ (or some such).
A question about these md5 and sha1 hashed passwords. The python modules for
these are different to the crypt module. Especially there is no salt. So
how would I compare a given password to a given hash? Just rehash the
password? Would the hash always be the same? I thought the salt was
there to improve security.

And how can I distinguish these hash methods? For example I have a
hash. How do I find out which hash method was used for this? As I have
seen md5 hashes are always 128 bit long. When I have such a hash in hex
form, can I say if that hash string has a length of 32 it is definitely
an md5 hash, a length of 40 indicating a sha hash and a length of 13
indicating a crypt() hash?

And what about the prefix $1$ for md5? When this is available just cut
it off the hash? Are there any other forms of such prefixes?

Sorry for this lot of questions. ;-)

Marco
-- Marco Herrn herrn@gmx.net (GnuPG/PGP-signed and crypted mail preferred) Key ID: 0x94620736
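
Added example, not part of the message above or of the thread: for /etc/shadow fields the scheme is read from the "$id$" prefix of the stored string rather than guessed from its length, and the stored prefix and salt are passed back unchanged when rehashing the candidate password. The names parse_shadow_hash, verify and crypt_func, and the SAMPLES values, are assumptions constructed for illustration; crypt_func stands for whatever crypt(3) binding is available.

```python
import hmac
import re

# Prefixes of the modular crypt format "$id$salt$hash" found in /etc/shadow.
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}
# Traditional crypt(): 2-character salt followed by 11 characters.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

# Constructed sample fields (not real hashes), one per case handled below.
SAMPLES = ("$1$abcdefgh$0123456789abcdefghijkl",
           "$6$rounds=5000$saltsalt$HASHHASH",
           "!$6$saltsalt$HASHHASH",
           "d41d8cd98f00b204e9800998ecf8427e")  # bare 32-hex digest, no salt


def parse_shadow_hash(field):
    """Return (scheme, setting). The setting is the prefix, parameters and
    salt that crypt() needs in order to recompute the stored hash."""
    if field == "":
        return ("empty", None)             # no password set
    if field[0] in "!*":
        return ("locked", None)            # login disabled, nothing to compare
    if field.startswith("$"):
        parts = field.split("$")           # ['', id, (params,) salt, hash]
        if len(parts) < 4 or parts[1] not in SCHEMES:
            return ("unknown", None)
        scheme = SCHEMES[parts[1]]
        if scheme == "bcrypt":             # $2b$cost$<22-char salt><hash>
            return (scheme, "$".join(parts[:3]) + "$" + parts[3][:22])
        return (scheme, "$".join(parts[:-1]) + "$")
    if DES_RE.fullmatch(field):
        return ("des-crypt", field[:2])
    return ("unknown", None)               # e.g. a bare hex digest


def verify(password, field, crypt_func):
    """Rehash the candidate with the stored setting, compare in constant time.
    crypt_func(password, setting) -> str is an assumed crypt(3) binding."""
    scheme, setting = parse_shadow_hash(field)
    if setting is None:
        return False
    candidate = crypt_func(password, setting)
    if candidate is None:                  # binding rejected the setting
        return False
    return hmac.compare_digest(candidate.encode(), field.encode())
```

Because the salt is stored inside the field, the same password yields the same string only when rehashed with that field's own setting; two accounts with the same password normally carry different fields.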