Sandip Bhattacharya proclaimed:
> Redhat by default uses md5 encrypted shadow passwords. Now we ran into a
> particular problem in which we have to read the shadow file and
> authenticate users. (No, we don't want to use the passwd C libraries.)
>
> I noticed a weird thing. Aren't MD5 strings supposed to be in
> hexadecimal? The shadow file passwords are not so.
>
> I tried a small experiment. I put the password of a known person in a text
> file (without newline) and ran md5sum on it. The hash had nothing in
> common with the /etc/shadow equivalent. What am I doing wrong?

The password stored in /etc/passwd or /etc/shadow is never just a simple 1
to 1 encryption. Two similar strings, when encrypted separately, do not
result in the same encrypted string. This is a measure of security. If
two users sharing the same password or passphrase had the exact same
entries in the /etc/passwd or /etc/shadow file, it would become easier to
break into another user's account.

Something called a "salt" is used to ensure that the same string, when
encrypted on multiple occasions, does not result in the same encrypted
string.

Thaths
--
"This is a very, very proud day for us! Especially me, your father, me,
beat City Hall! It's just like David and Goliath, only this time, David
won!" -- Homer J. Simpson
Sudhakar C13n http://www.aunet.org/thaths/ Lead Indentured Slave
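
Added example, not part of the original thread: a Python implementation of the MD5-crypt scheme used for `$1$salt$hash` shadow entries, showing how the salt, the 1000 stretching rounds and crypt's own base-64 alphabet make the stored value differ from md5sum output. The user names, password and salts below are constructed for illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, length):
    # crypt's own base-64: 6 bits at a time, least significant bits first
    out = ""
    for _ in range(length):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password, salt):
    """Return the '$1$salt$hash' string MD5-crypt produces for password."""
    pw, sl = password.encode(), salt.encode()[:8]     # salt is at most 8 chars
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + sl)
    for n in range(len(pw), 0, -16):                  # mix in alt per 16 bytes
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:                                          # one byte per length bit
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                             # stretching rounds
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sl)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    return "$1$%s$%s" % (sl.decode(), out + _to64(final[11], 2))

def check_shadow_field(password, field):
    """Verify password against the second field of an /etc/shadow line."""
    parts = field.split("$")
    if len(parts) != 4 or parts[1] != "1":
        return False                 # locked account or a different scheme
    candidate = md5_crypt(password, parts[2])
    return hmac.compare_digest(candidate.encode(), field.encode())

# Constructed sample: two users, same password, different salts.
ALICE = md5_crypt("secret", "ab12cd34")
BOB = md5_crypt("secret", "zy98xw76")
PLAIN_MD5 = hashlib.md5(b"secret").hexdigest()        # what md5sum prints
```
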