MD5 crypting
Brian McKee
brian.mckee at gmail.com
Mon Apr 27 21:30:40 UTC 2009
On Mon, Apr 27, 2009 at 5:00 PM, NoOp <glgxg at sbcglobal.net> wrote:
> On 04/27/2009 10:35 AM, Brian McKee wrote:
>> On Mon, Apr 27, 2009 at 1:12 PM, NoOp <glgxg at sbcglobal.net> wrote:
>>> On 04/26/2009 12:29 PM, Arda Eden wrote:
>>>> The other interesting thing is every encryption with grub-md5-crypt for the
>>>> same password generates different hashes.
>>> It should give you different hashes each time.
>>
>> Can you explain why it does that? (I've confirmed you are indeed correct)
>> Like the OP I would have thought it would be the same each time.
>> For instance - this is the same every time.
>>> echo '<?php echo crypt("password", "xy") ?>' | php
>>> xyAjYtmfRYx/.
>>
>> Is there a salt in there somewhere? If so, how does grub know what the salt is?
>
> http://www.usenix.org/events/usenix99/provos/provos_html/node10.html
> [MD5crypt]
> $ cat /usr/sbin/grub-md5-crypt
> And you'll be able to see that the program does actually run/use md5crypt.
Use the source huh? It never occured to me that it might be a script
rather than a compiled program.
Thanks for the reminder. Looking at that script - it's not using a
program called md5crypt, but the md5crypt command built into the grub
shell.
(which may be the same one you referenced of course)
I can see other people have had the same issue as the OP
To the OP - grub-md5-crypt *might* to be broken - but these links have
a workaround/alternate method that seems to work.
See -
http://ubuntuforums.org/showthread.php?t=113376
http://lists.debian.org/debian-user/2005/09/msg00177.html
as well as
http://www.gnu.org/software/grub/manual/html_node/Security.html#Security
Brian
More information about the ubuntu-users
mailing list