Sources for passwd command? - Questions

This is a discussion on Sources for passwd command? - Questions ; Can someone point me to the sources for the passwd command? I want to see how the encryption algorithms are called to generate the entries in the password/shadow files. I'd also like to look at the encryption code itself. I'm ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Sources for passwd command?

  1. Sources for passwd command?

    Can someone point me to the sources for the passwd command?

    I want to see how the encryption algorithms are called to generate the
    entries in the password/shadow files.

    I'd also like to look at the encryption code itself. I'm primarily
    interested
    in the blowfish encryption.

    Can someone point me to where I can find the sources? Or is this the
    wrong group for this question?

    Thanks,

    -- Greg Allen



  2. Re: Sources for passwd command?

    On 2005-09-13, Greg Allen wrote:
    > Can someone point me to the sources for the passwd command?


    Which is your distribution? (I assume that you are not looking for
    something related to the operating system that runs "Microsoft Outlook
    Express 6.00.2900.2180".) Probably they provide packages with the source
    code for your programs. On (some? most? all?) Linux systems the passwd
    program comes from a package going by the name "shadow" (because the
    passwords proper reside in /etc/shadow, not /etc/passwd).

    --
    Paul Kimoto
    This message was originally posted on Usenet in plain text. Any images,
    hyperlinks, or the like shown here have been added without my consent,
    and may be a violation of international copyright law.

  3. Re: Sources for passwd command?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Greg Allen wrote:
    > Can someone point me to the sources for the passwd command?
    >
    > I want to see how the encryption algorithms are called to generate the
    > entries in the password/shadow files.


    You /do/ realize that stored passwords are not /encrypted/, don't you?
    What gets stored is a hash of the plaintext password, and as such cannot
    be decrypted.

    > I'd also like to look at the encryption code itself. I'm primarily
    > interested in the blowfish encryption.


    Then you are probably going to have to look elsewhere. The crypt(3)
    function that hashes passwords for storage uses DES (according to the
    manpage) or MD5 (according to the documentation) not blowfish.

    > Can someone point me to where I can find the sources? Or is this the
    > wrong group for this question?


    The source for crypt(3) is part of glibc. You can find glibc at
    http://www.gnu.org/software/libc/libc.html

    You might want to read the current doc at
    http://www.gnu.org/software/libc/man...ypt.html#crypt

    - --

    Lew Pitcher, IT Specialist, Enterprise Data Systems
    Enterprise Technology Solutions, TD Bank Financial Group

    (Opinions expressed here are my own, not my employer's)
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (MingW32)

    iD8DBQFDL/8UagVFX4UWr64RAkJtAKCcnQyVlDh0vEn+gKXEMiiLBijApQCf U5NC
    jJWbjdINWfDSHhQMb2UDlLM=
    =k+Oc
    -----END PGP SIGNATURE-----

+ Reply to Thread