Password authentication using unix crypt - Aix


  1. Password authentication using unix crypt

    Hi,
    We have a database that contains all of the user ids and passwords.
    This database resides on our AIX server. The password is
    encrypted using the unix crypt function. And for whatever reason we use
    only a one-character salt key, instead of two. For example,
    crypt("test1234", "a"). This produces the result aakhst1GufYjU in our
    database (the unix crypt always duplicates the single-char salt to
    produce two chars). However, the result is different from using a two-
    char salt key: crypt("test1234", "aa"), which produces the result
    aaGUTMncdkeWY.

    We are creating a web application and we want the same users to be
    able to access the app. In order to perform password authentication
    in the web app, we tried using various versions of crypt, like perl and
    C#. However, we are unable to do it successfully because these versions
    of crypt strictly follow the two-character salt and behave differently
    from the unix one.

    We're stuck and hope someone can help. Thanks a million!
    Y.Wei


  2. Re: Password authentication using unix crypt

    On 27 May, 10:13, "Y.Wei" wrote:
    > Hi,
    > We have a database that contains all of the user ids and passwords.
    > This database is residing in our AIX server. The password is
    > encrypted using unix crypt function. And for whatever reason we use
    > only one-character salt key, instead of two. For example,
    > crypt("test1234", "a"). This produces result: aakhst1GufYjU in our
    > database (the unix crypt always duplicate the single char salt to
    > product two-char). However, the result is different from using two-
    > char salt key: crypt("test1234", "aa") which produces result:
    > aaGUTMncdkeWY.
    >
    > We are creating a web application and we want the same users to be
    > able to access the app. In order to perform password authentication
    > in the web app, we tried using various versions of crypt like perl,
    > C#. However we are unable to do it successfully due to these versions
    > of crypt follow strictly to two-character salt and behave differently
    > from the unix's.
    >
    > We're stuck and hope someone can help. Thanks a millions!
    > Y.Wei


    The first answer which comes to mind is to change your existing app to
    use two letter salt and then expire the passwords for all existing
    users, forcing them to change passwords. You can honestly tell them
    that this is because of enhanced function. You may wish to stage this
    process so that not all users try to change their passwords on the
    same Monday morning. You could also take the opportunity to "upgrade"
    your password requirements.

  3. Re: Password authentication using unix crypt

    Y.Wei wrote:
    > We have a database that contains all of the user ids and passwords.
    > This database is residing in our AIX server. The password is
    > encrypted using unix crypt function. And for whatever reason we use
    > only one-character salt key, instead of two. For example,
    > crypt("test1234", "a"). This produces result: aakhst1GufYjU in our
    > database (the unix crypt always duplicate the single char salt to
    > product two-char). However, the result is different from using two-
    > char salt key: crypt("test1234", "aa") which produces result:
    > aaGUTMncdkeWY.


    What makes you think that UNIX crypt will duplicate a single character?

    Yours,
    Laurenz Albe

  4. Re: Password authentication using unix crypt

    > What makes you think that UNIX crypt will duplicate a single character?
    >
    > Yours,
    > Laurenz Albe


    Laurenz,
    We found some postings in the web; this is one of them:
    http://www.unix.com/unix-dummies-que...on-method.html

    We further confirm it by running the perl script:

    $VAR{pass} = "test1234";
    $VAR{salt} = "a";
    $VAR{pass} = crypt($VAR{pass}, $VAR{salt});
    print $VAR{pass};

    Rgds, Y.Wei



  5. Re: Password authentication using unix crypt

    > The first answer which comes to mind is to change your existing app to
    > use two letter salt and then expire the passwords for all existing
    > users, forcing them to change passwords. You can honestly tell them
    > that this is because of enhanced function. You may wish to stage this
    > process so that not all users try to change their passwords on the
    > same Monday morning. You could also take the opportunity to "upgrade"
    > your password requirements.


    We hope we can avoid doing that as it will be a massive exercise. But
    that will be the last resort.
    Thanks & Rgds, Y.Wei

  6. Re: Password authentication using unix crypt

    Y.Wei wrote:
    >> What makes you think that UNIX crypt will duplicate a single character?

    >
    > We found some postings in the web; this is one of them:
    > http://www.unix.com/unix-dummies-que...on-method.html
    >
    > We further confirm it by running the perl script:
    >
    > $VAR{pass} = "test1234";
    > $VAR{salt} = "a";
    > $VAR{pass} = crypt($VAR{pass}, $VAR{salt});
    > print $VAR{pass};


    Hmm, strange, your Perl script produces the same as crypt(3) on my
    system:

    aakhst1GufYjU

    This is where I am:

    $ uname -srvp
    AIX 3 5 powerpc
    $ oslevel -s
    5300-03-00

    This is the C program I use to test crypt(3):

    #define _XOPEN_SOURCE
    #include <unistd.h>     /* crypt(), write() */

    int main(int argc, char **argv) {
        int i=0;
        char *c, *p;

        if (3 != argc) {
            write(2, "needs 2 arguments: password and salt\n", 37);
            return 1;
        }

        c = crypt(argv[1], argv[2]);
        if (0 == c)             /* crypt(3) may return NULL on failure */
            return 1;
        for (p=c; 0!=*p; ++p)   /* count the length of the result */
            ++i;

        write(1, c, i);
        write(1, "\n", 1);
        return 0;
    }

    This is my compiler:

    $ gcc --version
    gcc (GCC) 3.3.2
    [...]

    This is how I compile:

    gcc -Wall -maix64 -o crypt crypt.c

    This is the result:

    $ ldd crypt
    crypt needs:
    /usr/lib/libc.a(shr_64.o)
    /unix
    /usr/lib/libcrypt.a(shr_64.o)

    Now I can use UNIX crypt:

    $ ./crypt test1234 a
    aakhst1GufYjU
    $ ./crypt test1234 aa
    aaGUTMncdkeWY


    Did I misunderstand your problem?
    The results are the same here ...

    Yours,
    Laurenz Albe

  7. Re: Password authentication using unix crypt

    On May 28, 4:34 pm, Laurenz Albe wrote:
    > Y.Wei wrote:
    > >> What makes you think that UNIX crypt will duplicate a single character?

    >
    > > We found some postings in the web; this is one of them:
    > >http://www.unix.com/unix-dummies-que...3-shadow-file-...

    >
    > > We further confirm it by running the perl script:

    >
    > > $VAR{pass} = "test1234";
    > > $VAR{salt} = "a";
    > > $VAR{pass} = crypt($VAR{pass}, $VAR{salt});
    > > print $VAR{pass};

    >
    > Hmm, strange, your Perl script produces the same as crypt(3) on my
    > system:
    >
    > aakhst1GufYjU
    >
    > This is where I am:
    >
    > $ uname -srvp
    > AIX 3 5 powerpc
    > $ oslevel -s
    > 5300-03-00
    >
    > This is the C program I use to test crypt(3):
    >
    > #define _XOPEN_SOURCE
    > #include <unistd.h>
    >
    > int main(int argc, char **argv) {
    >     int i=0;
    >     char *c, *p;
    >
    >     if (3 != argc) {
    >         write(2, "needs 2 arguments: password and salt\n", 37);
    >         return 1;
    >     }
    >
    >     c = crypt(argv[1], argv[2]);
    >     for (p=c; 0!=*p; ++p)
    >         ++i;
    >
    >     write(1, c, i);
    >     write(1, "\n", 1);
    >     return 0;
    >
    > }
    >
    > This is my compiler:
    >
    > $ gcc --version
    > gcc (GCC) 3.3.2
    > [...]
    >
    > This is how I compile:
    >
    > gcc -Wall -maix64 -o crypt crypt.c
    >
    > This is the result:
    >
    > $ ldd crypt
    > crypt needs:
    >     /usr/lib/libc.a(shr_64.o)
    >     /unix
    >     /usr/lib/libcrypt.a(shr_64.o)
    >
    > Now I can use UNIX crypt:
    >
    > $ ./crypt test1234 a
    > aakhst1GufYjU
    > $ ./crypt test1234 aa
    > aaGUTMncdkeWY
    >
    > Did I misunderstand your problem?
    > The results are the same here ...
    >
    > Yours,
    > Laurenz Albe


    Sorry for the confusion. I'm okay at the AIX side. But I have
    trouble authenticating the password (the single salt ones) generated
    by AIX, at the web application which is running on Windows 2003. I
    tried using various versions of unixcrypt (c and perl) that I
    downloaded but can't produce the same result as AIX. But the two-char
    salt works fine.

    For example:
    the password test1234 encrypted using single-salt key "a" in AIX is:
    aakhst1GufYjU

    but if I run activeperl crypt in Windows with the same salt, it gave
    me: aAQJOTmpwCzbk

    Rgds, Y.Wei

  8. Re: Password authentication using unix crypt

    Y.Wei wrote:
    > Sorry for the confusion. I'm okay at the AIX side. But I have
    > trouble authenticating the password (the single salt ones) generated
    > by AIX, at the web application which is running on Windows 2003. I
    > tried using various versions of unixcrypt (c and perl) that I
    > downloaded but can't produce the same result as AIX. But the two-char
    > salt works fine.
    >
    > For example:
    > the password test1234 encrypted using single-salt key "a" in AIX is:
    > aakhst1GufYjU
    >
    > but if I run activeperl crypt in Windows with the same salt, it gave
    > me: aAQJOTmpwCzbk


    I see. You didn't mention Windows...

    No idea. Maybe you should ask a Windows forum.

    You could port the code yourself: the glibc implementation, which is
    open source, works like the AIX version in that respect.

    Yours,
    Laurenz Albe
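
Added example, not part of the thread or any poster's code: one way the web application could accept the existing hashes without a forced reset, sketched in Python. It tries both salts that a doubled prefix such as "aa" could stand for, compares in constant time, and re-hashes with PBKDF2 on a successful login; `thread_crypt` is a stand-in that returns only the two results quoted in the thread, and every function name and the record format are assumptions.

```python
import hashlib, hmac, os, re

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")     # traditional 13-character crypt(3) output
ITERATIONS = 600_000                             # PBKDF2 work factor (assumed value)

# Stand-in for a crypt(3) port that handles one-character salts like the AIX
# system; it knows only the two results quoted in the thread.
THREAD_RESULTS = {("test1234", "a"): "aakhst1GufYjU",
                  ("test1234", "aa"): "aaGUTMncdkeWY"}

def thread_crypt(password, salt):
    return THREAD_RESULTS.get((password, salt), "x" * 13)

def salt_candidates(stored):
    """Salts to try: the stored prefix, plus its first character alone when
    both prefix characters match (the one-character-salt case)."""
    return [stored[:2]] + ([stored[:1]] if stored[0] == stored[1] else [])

def verify_legacy(password, stored, legacy_crypt):
    if not DES_CRYPT.fullmatch(stored):
        return False
    ok = False
    for salt in salt_candidates(stored):          # no early exit between candidates
        got = legacy_crypt(password, salt)
        ok |= hmac.compare_digest(got.encode(), stored.encode())
    return ok

def new_record(password):
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_new(password, record):
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def login(password, record, legacy_crypt):
    """Return (authenticated, record_to_store)."""
    if record.startswith("pbkdf2-sha256$"):
        return verify_new(password, record), record
    if verify_legacy(password, record, legacy_crypt):
        return True, new_record(password)         # re-hash on successful login
    return False, record

if __name__ == "__main__":
    print(login("test1234", "aakhst1GufYjU", thread_crypt))
```

The caller stores the returned record whenever it differs from the one it read, so each account leaves the legacy format the first time its owner logs in.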

  9. Re: Password authentication using unix crypt

    Thanks Laurenz.
