[j-nsp] Format of SHA1 Passwords

Paul Goyette pgoyette at juniper.net
Tue Dec 3 12:20:15 EST 2013


Looks like the output is identical to what would be generated by 
the *BSD pwhash(1) utility.

	# pwhash -S 24680 stuff
	$sha1$23933$/WgTkHoe$25rdwdZ95cfgY/Tl6li2/LRIbuVT
	#

pwhash(1) in turn calls the crypt(3) library function after it 
generates a salt.

Digging through the sources, we find the following comment block 
in src/lib/libcrypt/crypt-sha1.c

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *    
 * where: 
 *      <tag>           is "sha1" 
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.



-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Morrow
Sent: Tuesday, December 03, 2013 9:06 AM
To: chip at 2bithacker.net; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Format of SHA1 Passwords



On 12/03/2013 11:46 AM, Chip Marshall wrote:
> On 2013-12-03, Chris Morrow <morrowc at ops-netman.net> sent:
>>> I get things like "$sha1$19418$aoTClyGU$cix8MhZsXwG6OrwUgeHAoOA8f.AX"
>>> where it appears to have the format, some number, what I think is
>>> the salt, and then the hash.
>>>
>>> Anyone know how these things are calculated?
>>
>> we do this calculation.... I believe your intended format is:
>>   $1$salt$hash
>>
>> or that seems to be what our code does.
> 
> That's for MD5 passwords. I have a requirement to use SHA-1.

oh, ha! :( hrm... so, I set a passwd of 'flipfl0p!' for a user after
setting the passwd format to sha1 ... and I see:

"$sha1$19295$mROzSQ4a$SFnJ1fAbP4cHqw/16.xDV4s1LpMA"

and yea.... the format isn't as simple as:

>>> import hashlib
>>> p = 'flipfl0p!'
>>> s = 'mROzSQ4a'
>>> hashlib.sha1(p+s).hexdigest()

bummer.
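
An added example, not part of the original thread or of the NetBSD sources: a Python parser for the $<tag>$<iterations>$<salt>$<digest> format in the comment block above, plus a verifier. The hashing steps (HMAC-SHA1 keyed with the password over <salt>$sha1$<iterations>, fed back on itself, then crypt-style base64) are an assumption based on NetBSD's crypt-sha1.c, since the thread gives only the format; all function names are hypothetical.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DIGEST_CHARS = 28  # 20-byte HMAC-SHA1 output as 7 groups of 4 characters


def parse_sha1_crypt(stored):
    """Split $sha1$<iterations>$<salt>$<digest> into (iterations, salt, digest)."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != "sha1":
        raise ValueError("not a $sha1$ hash (an MD5 hash starts with $1$)")
    rounds, salt, digest = parts[2:]
    if not (rounds.isascii() and rounds.isdigit()) or int(rounds) < 1:
        raise ValueError("iteration count must be a positive decimal integer")
    if len(salt) > 64:
        raise ValueError("salt is limited to 64 bytes")
    if len(digest) != DIGEST_CHARS or any(c not in ITOA64 for c in digest):
        raise ValueError("digest must be 28 characters of the crypt alphabet")
    return int(rounds), salt, digest


def _to64(value, count):
    """Emit `count` characters, least significant 6 bits first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out


def sha1_crypt(password, salt, iterations):
    key = password.encode("utf-8")
    # Assumed algorithm: the first message is <salt>$sha1$<iterations>, then
    # the HMAC output is fed back in until <iterations> rounds have run.
    first = f"{salt}$sha1${iterations}".encode("utf-8")
    block = hmac.new(key, first, hashlib.sha1).digest()
    for _ in range(iterations - 1):
        block = hmac.new(key, block, hashlib.sha1).digest()
    # 20 bytes do not divide by 3, so the last group wraps around to byte 0.
    order = list(range(18)) + [18, 19, 0]
    digest = "".join(
        _to64(block[order[i]] << 16 | block[order[i + 1]] << 8 | block[order[i + 2]], 4)
        for i in range(0, 21, 3))
    return f"$sha1${iterations}${salt}${digest}"


def verify(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    iterations, salt, _ = parse_sha1_crypt(stored)
    candidate = sha1_crypt(password, salt, iterations)
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))
```

The iteration count is part of the first HMAC message, so a hash cannot be re-labelled with a different round count without changing the digest.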