/etc/shadow
I tried

    echo "mojeheslo" | md5sum

but the result did not match the entry in the shadow file. I would like to know how the encrypted passwords are created. I have the Ubuntu 7.10 distribution.

    $ cat /etc/pam.d/common-password
    #
    # /etc/pam.d/common-password - password-related modules common to all services
    #
    # This file is included from other service-specific PAM config files,
    # and should contain a list of modules that define the services to be
    # used to change user passwords. The default is pam_unix.

    # Explanation of pam_unix options:
    #
    # The "nullok" option allows users to change an empty password, else
    # empty passwords are treated as locked accounts.
    #
    # The "md5" option enables MD5 passwords. Without this option, the
    # default is Unix crypt.
    #
    # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
    # login.defs.
    #
    # You can also use the "min" option to enforce the length of the new
    # password.
    #
    # See the pam_unix manpage for other options.

    password required pam_unix.so nullok obscure md5

    # Alternate strength checking for password. Note that this
    # requires the libpam-cracklib package to be installed.
    # You will need to comment out the password line above and
    # uncomment the next two in order to use this.
    # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
    #
    # password required pam_cracklib.so retry=3 minlen=6 difok=3
    # password required pam_unix.so use_authtok nullok md5

Thanks for the explanation!
$1$
chpasswd, or you can write your own wrapper around the library function crypt(). If you are after understanding the algorithms used, that is not something for a forum answer, more for an article.
    $ chpasswd
    bash: chpasswd: command not found
    $ apt-cache search chpasswd
    $
deb http://ftp.cz.debian.org/debian jessie main contrib non-free
    $ chpasswd
    bash: chpasswd: command not found
    $ whereis chpasswd
    chpasswd: /usr/sbin/chpasswd /usr/share/man/man8/chpasswd.8.gz
    $
deb http://ftp.cz.debian.org/debian jessie main contrib non-free
    /*
     * Encrypt the password, then wipe the cleartext password.
     */
    cp = pw_encrypt (pass, crypt_make_salt ());
    memzero (pass, sizeof pass);

And if you look at how the pw_encrypt function is defined in the file contrib/pwdauth.c, you will find, first of all,
    /*
     * Define HAVE_PW_ENCRYPT to use pw_encrypt() instead of crypt().
     * pw_encrypt() is like the standard crypt(), except that it may
     * support better password hashing algorithms.
     ...

So it is actually a standard function from glibc, about which we can read the following text from the glibc manual..
32.3 Encrypting Passwords
=========================

 -- Function: char * crypt (const char *KEY, const char *SALT)

The `crypt' function takes a password, KEY, as a string, and a SALT character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a KEY that will produce that output is to guess values of KEY until the original value of KEY is found.

The SALT parameter does two things. Firstly, it selects which algorithm is used, the MD5-based one or the DES-based one. Secondly, it makes life harder for someone trying to guess passwords against a file containing many passwords; without a SALT, an intruder can make a guess, run `crypt' on it once, and compare the result with all the passwords. With a SALT, the intruder must run `crypt' once for each different salt.

For the MD5-based algorithm, the SALT should consist of the string `$1$', followed by up to 8 characters, terminated by either another `$' or the end of the string. The result of `crypt' will be the SALT, followed by a `$' if the salt didn't end with one, followed by 22 characters from the alphabet `./0-9A-Za-z', up to 34 characters total. Every character in the KEY is significant.

For the DES-based algorithm, the SALT should consist of two characters from the alphabet `./0-9A-Za-z', and the result of `crypt' will be those two characters followed by 11 more from the same alphabet, 13 in total. Only the first 8 characters in the KEY are significant.

The MD5-based algorithm has no limit on the useful length of the password used, and is slightly more secure. It is therefore preferred over the DES-based algorithm.

When the user enters their password for the first time, the SALT should be set to a new string which is reasonably random. To verify a password against the result of a previous call to `crypt', pass the result of the previous call as the SALT.

The following short program is an example of how to use `crypt' the first time a password is entered. Note that the SALT generation is just barely acceptable; in particular, it is not unique between machines, and in many applications it would not be acceptable to let an attacker know what time the user's password was last set.

    #include <stdio.h>
    #include <time.h>
    #include <unistd.h>
    #include <crypt.h>

    int
    main(void)
    {
      unsigned long seed[2];
      char salt[] = "$1$........";
      const char *const seedchars =
        "./0123456789ABCDEFGHIJKLMNOPQRST"
        "UVWXYZabcdefghijklmnopqrstuvwxyz";
      char *password;
      int i;

      /* Generate a (not very) random seed.
         You should do it better than this... */
      seed[0] = time(NULL);
      seed[1] = getpid() ^ (seed[0] >> 14 & 0x30000);

      /* Turn it into printable characters from `seedchars'. */
      for (i = 0; i < 8; i++)
        salt[3+i] = seedchars[(seed[i/5] >> (i%5)*6) & 0x3f];

      /* Read in the user's password and encrypt it. */
      password = crypt(getpass("Password:"), salt);

      /* Print the results. */
      puts(password);
      return 0;
    }

The next program shows how to verify a password. It prompts the user for a password and prints "Access granted." if the user types `GNU libc manual'.

    #include <stdio.h>
    #include <string.h>
    #include <unistd.h>
    #include <crypt.h>

    int
    main(void)
    {
      /* Hashed form of "GNU libc manual". */
      const char *const pass = "$1$/iSaq7rB$EoUw5jJPPvAPECNaaWzMK/";

      char *result;
      int ok;

      /* Read in the user's password and encrypt it,
         passing the expected password in as the salt. */
      result = crypt(getpass("Password:"), pass);

      /* Test the result. */
      ok = strcmp (result, pass) == 0;

      puts(ok ? "Access granted." : "Access denied.");
      return ok ? 0 : 1;
    }

 -- Function: char * crypt_r (const char *KEY, const char *SALT, struct crypt_data * DATA)

The `crypt_r' function does the same thing as `crypt', but takes an extra parameter which includes space for its result (among other things), so it can be reentrant. `data->initialized' must be cleared to zero before the first time `crypt_r' is called.

The `crypt_r' function is a GNU extension.

The `crypt' and `crypt_r' functions are prototyped in the header `crypt.h'.

From which it follows that the hash of one string can differ, because it also depends on the salt that is chosen when the password is created.. moreover, the password can be DES or MD5. So simply playing with a pipe and md5sum probably won't work.. For more info I recommend downloading the GNU libc manual and reading..
    gcc -o checkPasswd checkPasswd.c -lcrypt
I was given a computer with some old Linux distribution on it. And I don't have the password for it.
If I take the HDD out of it, connect it to my own computer, and copy off the /etc/passwd and shadow files. Then without the source code of that old distribution I have no chance of changing the root password, or adding my own account?

    root password (or type Ctrl-D to continue):
a-zA-Z0-9./', it is DES. If it starts with $2a$, it is blowfish. If there is something else there, it will be something else.
a-zA-Z0-9/.' and if there are thirteen of them, then it is almost certainly traditional DES.
chpasswd (OpenSuSE 10.3), according to the documentation (and according to experiments), follows the file /etc/default/passwd and, if no algorithm is defined there, uses DES. I would not call it a hole in pam_unix2, but rather a bug (or a feature, according to taste) in chpasswd (that it does not follow PAM).
chpasswd takes the CRYPT setting into account even when changing a password, although according to the documentation it should use it only if there is no hash in /etc/shadow yet… :-)
    .
    |-- b.lrp
    |-- cur.lrp
    |-- dhcpd.lrp
    |-- etc.lrp
    |-- etherw.lrp
    |-- initrd.lrp
    |-- ipsec.lrp
    |-- iptables.lrp
    |-- ldlinux.sys
    |-- linux
    |-- local.lrp
    |-- m.lrp
    |-- mawk.lrp
    |-- mc.lrp
    |-- modules.lrp
    |-- netutils.lrp
    |-- nmap.lrp
    |-- pcmcia.lrp
    |-- qos-htb.lrp
    |-- readme
    |-- root.lrp
    |-- router.tar
    |-- ssh.lrp
    |-- sshd.lrp
    |-- sshkey.lrp
    |-- syslinux.cfg
    |-- syslinux.dpy
    |-- t.lrp
    |-- tc.lrp
    |-- tcpdump.lrp
    |-- vypis
    |-- wireless.lrp
    |-- wireutil.lrp
    `-- zebedee.lrp

And here are the unpacked lrp files:
chpasswd -c des') and copy it to /etc/shadow on the target system.
http://www.gnu.org/software/libc/manual/html_node/crypt.html - here they write that the DES algorithm uses two characters for the "salt" and the remaining 11 are the password.
From the source code given in one of the posts it is evident that the "salt" is added to the still unencrypted password. However, the mechanism for verifying an encrypted password that contains the "salt" is still not clear to me.
The password is encrypted like this:

    UlozeneHeslo = crypt(getpass("Password:"), salt);

But it is not clear to me how the system determines which "salt" value was used when encrypting the given password, when that password is later verified:

    ZadaneHeslo = crypt(getpass("Password:"), salt);
    ok = strcmp (ZadaneHeslo, UlozeneHeslo) == 0;
    ...
crypt() you pass the stored password hash from the system table. The crypt() function uses only the salt value from it.
    /* Read in the user's password and encrypt it,
       passing the expected password in as the salt. */
    result = crypt(getpass("Password:"), pass);

But I still don't understand how the crypt function manages to find the salt value in the string pass, when the string pass is an encrypted string containing the password and the salt value. Or is the salt value perhaps added to the already encrypted password?
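An added example, not part of the thread or of glibc: it covers both the prefix rules discussed above ($1$, $2a$, thirteen characters for DES) and the closing question of where the salt sits in a stored hash, by splitting a stored string into the leading "setting" that crypt() reads from its SALT argument and the hash that follows. The names `split_stored_hash` and `copy_prefix` are hypothetical, the `$2a$` layout (two cost digits, 22 salt and 31 hash characters) comes from the bcrypt format rather than from this page, and every sample except the manual's `$1$` hash is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet of the DES and MD5 schemes, as given in the quoted glibc manual. */
#define CRYPT_ALPHABET \
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

enum scheme { SCHEME_UNKNOWN, SCHEME_DES, SCHEME_MD5, SCHEME_BLOWFISH };

/* Copy the first n bytes of stored into out; return s, or UNKNOWN if too long. */
static enum scheme copy_prefix(const char *stored, size_t n,
                               char *out, size_t outlen, enum scheme s)
{
    if (n + 1 > outlen)
        return SCHEME_UNKNOWN;
    memcpy(out, stored, n);
    out[n] = '\0';
    return s;
}

/*
 * Hypothetical helper: identify the scheme of a stored hash and copy its
 * setting (the only part crypt() uses when the hash is passed as SALT).
 */
enum scheme split_stored_hash(const char *stored, char *out, size_t outlen)
{
    size_t len = strlen(stored);

    if (outlen > 0)
        out[0] = '\0';
    if (strncmp(stored, "$1$", 3) == 0) {
        /* MD5: "$1$", up to 8 salt characters, "$", then 22 hash characters. */
        size_t n = strcspn(stored + 3, "$");
        if (n > 8 || stored[3 + n] != '$' || len != 3 + n + 1 + 22)
            return SCHEME_UNKNOWN;
        return copy_prefix(stored, 3 + n + 1, out, outlen, SCHEME_MD5);
    }
    if (strncmp(stored, "$2a$", 4) == 0) {
        /* bcrypt: "$2a$", two cost digits, "$", 22 salt + 31 hash characters. */
        if (len != 60 || stored[6] != '$')
            return SCHEME_UNKNOWN;
        return copy_prefix(stored, 29, out, outlen, SCHEME_BLOWFISH);
    }
    /* Traditional DES: 2 salt characters followed by 11 hash characters. */
    if (len == 13 && strspn(stored, CRYPT_ALPHABET) == 13)
        return copy_prefix(stored, 2, out, outlen, SCHEME_DES);
    return SCHEME_UNKNOWN;
}

int main(void)
{
    /* First entry is the hash from the quoted manual; the rest are constructed. */
    const char *samples[] = {
        "$1$/iSaq7rB$EoUw5jJPPvAPECNaaWzMK/",
        "ab01FAX.bQRSU",
        "$2a$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
        "0123456789abcdef0123456789abcdef" /* 32 hex chars, the shape md5sum prints */
    };
    static const char *names[] = { "unknown", "DES", "MD5", "blowfish" };
    char setting[32];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum scheme s = split_stored_hash(samples[i], setting, sizeof setting);
        printf("%-8s setting=\"%s\"\n", names[s], setting);
    }
    return 0;
}
```

The block does not call crypt(), so it builds without -lcrypt; a verifier would pass the whole stored string to crypt() and compare the result with it, as the manual's second program does.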