Re: Options for dealing with DES crypt password file
> Are there any workarounds for me using the old DES password hashes, or do we > need to 'passwd ' for hundreds of users? > You could give John the Ripper a try.
Re: Options for dealing with DES crypt password file
I appreciate the suggestion but yeah, LDAP is totally overkill here. There's really only this one server that needs access to the auth info in the passwd file, so LDAP wouldn't really help me.
Re: Options for dealing with DES crypt password file
On Thu, Jan 11, 2018, at 3:42 PM, Consus wrote: > On 18:27 Thu 11 Jan, Jeff Zimmerman wrote: > > I've got an old server (OpenBSD 4.7 old) with a mixed bag of password > > hashes in master.passwd. A majority of the passwords (hundreds) are > > old salted DES crypt format. > > > > Am I correct in my research that everything but Blowfish was removed > > from crypt() around OpenBSD 5.7? Are there any workarounds for me > > using the old DES password hashes, or do we need to 'passwd ' > > for hundreds of users? > > Use LDAP already. > We don't really know his situation. LDAP could be major overkill...
Re: Options for dealing with DES crypt password file
On 18:27 Thu 11 Jan, Jeff Zimmerman wrote: > I've got an old server (OpenBSD 4.7 old) with a mixed bag of password > hashes in master.passwd. A majority of the passwords (hundreds) are > old salted DES crypt format. > > Am I correct in my research that everything but Blowfish was removed > from crypt() around OpenBSD 5.7? Are there any workarounds for me > using the old DES password hashes, or do we need to 'passwd ' > for hundreds of users? Use LDAP already.
Re: Options for dealing with DES crypt password file
I completely understand. The running chainsaw analogy is pretty accurate here. OpenBSD is as secure as it is because you all remove as many chainsaws as possible. We needed to update those hashes anyway someday. I just wasn't expecting that day to be today. Thanks again! From: Theo de Raadt <dera...@openbsd.org> Sent: Thursday, January 11, 2018 12:49:33 PM To: Jeff Zimmerman Cc: misc@openbsd.org Subject: Re: Options for dealing with DES crypt password file > I was hoping that there was some hidden switch somewhere that would turn > the classic crypt back on. No such luck. That'd be like leaving a running chainsaw on the floor at a daycare center. When something is dangerous, we get rid of it.
Re: Options for dealing with DES crypt password file
> I was hoping that there was some hidden switch somewhere that would turn > the classic crypt back on. No such luck. That'd be like leaving a running chainsaw on the floor at a daycare center. When something is dangerous, we get rid of it.
Re: Options for dealing with DES crypt password file
I know, I'm ashamed to say that yes, this machine has been running (behind a restrictive firewall) for all of these years. I was hoping that there was some hidden switch somewhere that would turn the classic crypt back on. No such luck. But thank you for the quick response. I've been using OpenBSD for a lot of years and really appreciate your efforts Theo, and the efforts of everyone associated with the project. From: Theo de Raadt <dera...@openbsd.org> Sent: Thursday, January 11, 2018 12:29:59 PM To: Jeff Zimmerman Cc: misc@openbsd.org Subject: Re: Options for dealing with DES crypt password file > I've got an old server (OpenBSD 4.7 old) with a mixed bag of password hashes > in master.passwd. A majority of the passwords (hundreds) are old salted > DES crypt format. bummer > Am I correct in my research that everything but Blowfish was removed from > crypt() around OpenBSD 5.7? Are there any workarounds for me using the old > DES password hashes, or do we need to 'passwd ' for hundreds of users? There are no workarounds. The hashes cannot be reversed to make new passwords, and the legacy methods are removed intentionally because they are super weak You been running that on the internet? the shame!
Re: Options for dealing with DES crypt password file
> I've got an old server (OpenBSD 4.7 old) with a mixed bag of password hashes > in master.passwd. A majority of the passwords (hundreds) are old salted > DES crypt format. bummer > Am I correct in my research that everything but Blowfish was removed from > crypt() around OpenBSD 5.7? Are there any workarounds for me using the old > DES password hashes, or do we need to 'passwd ' for hundreds of users? There are no workarounds. The hashes cannot be reversed to make new passwords, and the legacy methods are removed intentionally because they are super weak You been running that on the internet? the shame!
Options for dealing with DES crypt password file
I've got an old server (OpenBSD 4.7 old) with a mixed bag of password hashes in master.passwd. A majority of the passwords (hundreds) are old salted DES crypt format. Am I correct in my research that everything but Blowfish was removed from crypt() around OpenBSD 5.7? Are there any workarounds for me using the old DES password hashes, or do we need to 'passwd ' for hundreds of users?