Debian: 2150-1: request-tracker3.6: unsalted password hashing


 
01-22-2011

LinuxSecurity.com: It was discovered that Request Tracker, an issue tracking system, stored passwords in its database by using an insufficiently strong hashing method. If an attacker had access to the password database, he could decode the passwords stored in it.


8 More Discussions You Might Find Interesting

1. Solaris

Hashing password with bcrypt in Solaris 10

Hi, Our security audit person generated a report for Solaris-10 servers and mentioned this suggestion - "All passwords should be hashed using bcrypt. Solaris 10 supports this blowfish-based hash algorithm with the identifier 2a. To verify this, ensure the password hashes start with $2a$.... (2 Replies)
Discussion started by: solaris_1977
2 Replies

2. Shell Programming and Scripting

Hashing URLs

So, I am writing a script that will read output from Bulk Extractor (which gathers data based on regular expressions). My script then reads the column that has the URL found, hashes it with MD5, then outputs the URL and hash to a file. Where I am stuck is that I want to read the bulk... (7 Replies)
Discussion started by: twjolson
7 Replies

3. Solaris

[solved] Password hashing

Hello, I'm having an issue with my password hashing. In /etc/shadow all the password hashes start with $1$. The security people want me to change it so the password hash starts with $5$ or $6$. So this is what I did to fix this. I changed CRYPT_DEFAULT from 1 to 6: CRYPT_DEFAULT=6 When I create a... (0 Replies)
Discussion started by: bitlord
0 Replies

4. Debian

Lost Password to Debian on PS3. Need help or better documentation for recreating a live-cd

About a year and a half or so ago a friend and I set up Debian on a PS3. For a while I could not boot into the PS3 but managed to get it running again. I was very excited to get back in and play on the Debian distro we installed until I found neither of us could remember the password he put on it. ... (3 Replies)
Discussion started by: Azrael
3 Replies

5. UNIX for Advanced & Expert Users

password hashing algorithms

I'm collecting some info on the password hashing algorithms in use on various Unix systems. So far I have:

no $    legacy unix crypt
$1$     MD5
$2$     Blowfish on BSD
$2a$    alternate Blowfish on BSD
$md5$   Sun's alternate MD5
$3$     a Microsoft hash
$4$     not used?
$5$     RedHat proposed Sha-256... (2 Replies)
Discussion started by: Perderabo
2 Replies

6. Shell Programming and Scripting

password request

Hi guys, I have to create a script where I have to su to another user, and when that happens the password is requested as usual, but since this script runs after hours no one can type the password, so... I know it's not secure, but is there a way to do this to have the password inserted automatically? ... (2 Replies)
Discussion started by: karlochacon
2 Replies

7. UNIX for Dummies Questions & Answers

Request for change password when expired

Hello folks, I have a few Linux machines and one server from which I can connect to the others without a password (of course with an ssh key). On some servers, when the root password has expired, it asks me to change the password, but on some servers it does not. Where can I find the configuration for this behavior? Thx for any... (1 Reply)
Discussion started by: vikus
1 Replies

8. UNIX for Dummies Questions & Answers

Hashing or MD5

Hi, how can one find out which encryption algorithm the system is using for keeping the user password in the /etc/passwd or /etc/shadow file? Is it 1: Hashing (which considers only the first 5 letters of the password) 2: MD5 (which allows arbitrary length passwords) Thanks, ~amit (0 Replies)
Discussion started by: amit4g
0 Replies
crypt(3C)																 crypt(3C)

NAME
crypt - generate hashing encryption

SYNOPSIS
Obsolescent Interfaces

DESCRIPTION
crypt(): is the password encryption function. It is based on a one way hashing encryption algorithm with variations intended (among other things) to frustrate use of hardware implementations of a key search. key is a user's typed password. salt is a two-character string chosen from the set this string is used to perturb the hashing algorithm in one of 4096 different ways, after which the password is used as the key to encrypt repeatedly a constant string. The returned value points to the encrypted password. The first two characters are the salt itself.

Obsolescent Interfaces
generate hashing encryption.

WARNINGS
The return value for points to data whose content is overwritten by each call. and are obsolescent interfaces supported only for compatibility with existing DCE applications. New multithreaded applications should use

SEE ALSO
crypt(1), login(1), passwd(1), getpass(3C), passwd(4), thread_safety(5).

STANDARDS CONFORMANCE
crypt(3C)