Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: syslinux: users

MENU / SHA1 passwords not working.

  

 
syslinux users RSS feed   Index | Next | Previous | View Threaded


S.Daniels at uel

Jan 9, 2008, 7:20 AM

Post #1 of 4 (4325 views)
Permalink
MENU / SHA1 passwords not working.
Hi. I'm having a problem with hashing passwords for use in the menu.



If I specify plain passwords in my config it works file:



Example:

MENU MASTER PASSWD 1234567890

MENU PASSWD test123



However if I hash a password using the sha1pass script the resulting hashes
don't work.



MENU MASTER PASSWD $4$9qj4qv8g$HQ6Jl6TVrpign78XeofX2OLmfJo$

MENU PASSWD test123 $4$B4LW6NPr$xYYfSoakhfLpWE7+l8zU0MdAlIA$



When prompted for the password I enter that which I added as an arg to the
script but It throws

Me back (same as with an invalid pass).



This is how I run the script:



simon1 [at] eb280-simo:~/syslinux-3.52$ sha1pass 1234567890

$4$9qj4qv8g$HQ6Jl6TVrpign78XeofX2OLmfJo$



simon1 [at] eb280-simo:~/syslinux-3.52$ sha1pass test123

$4$B4LW6NPr$xYYfSoakhfLpWE7+l8zU0MdAlIA$



I notice I get a different hash every time when using the same arg. Is this
correct?



I'm running slackware v11. Initially when running sha1pass i was getting an
error:

Can't locate Digest/SHA1.pm in @INC



I ran cpan install Digest::SHA1 to install the missing lib then all was ok.

I can't get the MD5pass script to run as it's missing a lib but running cpan
install Digest::MD5 reports that my MD5 is up to date?



Any ideas?



Thanks.



Simon.

_______________________________________________
SYSLINUX mailing list
Submissions to SYSLINUX [at] zytor
Unsubscribe or set options at:
http://www.zytor.com/mailman/listinfo/syslinux
Please do not send private replies to mailing list traffic.


jhutz at cmu

Jan 14, 2008, 3:17 PM

Post #2 of 4 (4208 views)
Permalink
Re: MENU / SHA1 passwords not working. [In reply to]
--On Wednesday, January 09, 2008 03:20:02 PM +0000 Simon Daniels
<S.Daniels [at] uel> wrote:

> However if I hash a password using the sha1pass script the resulting
> hashes don't work.

As of syslinux-3.53 (the latest I have lying around), the code in
com32/modules/menumain.c for checking sha1 passwords has a bug which causes
checking of salted passwords to fail. Specifically, it tries to fold the
salt into the hash before initing the hash context. I have attached a
patch (untested) which should fix this problem.

> I notice I get a different hash every time when using the same arg. Is
> this correct?

That's correct. The string between the second and third $ characters is a
"salt", which is a chunk of random data included in the hash to make it
more difficult to determine the password by keeping a dictionary of
passwords and the strings they hash to. To get the same string back, you
can give the hash as an additional argument to sha1pass:

./sha1pass 1234567890 9qj4qv8g

> I can't get the MD5pass script to run as it's missing a lib but running
> cpan install Digest::MD5 reports that my MD5 is up to date?

Is there a question here? We can't help you get md5pass working if you
don't tell us what error messages you got.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Carnegie Mellon University - Pittsburgh, PA
Attachments: sha1.patch (0.50 KB)


hpa at zytor

Jan 14, 2008, 7:28 PM

Post #3 of 4 (4202 views)
Permalink
Re: MENU / SHA1 passwords not working. [In reply to]
Simon Daniels wrote:
> Hi. I'm having a problem with hashing passwords for use in the menu.
>
> If I specify plain passwords in my config it works file:
>
>
> MENU MASTER PASSWD $4$9qj4qv8g$HQ6Jl6TVrpign78XeofX2OLmfJo$
>
> MENU PASSWD test123 $4$B4LW6NPr$xYYfSoakhfLpWE7+l8zU0MdAlIA$
^^^^^^^
EH?
>
> simon1 [at] eb280-simo:~/syslinux-3.52$ sha1pass 1234567890
> $4$9qj4qv8g$HQ6Jl6TVrpign78XeofX2OLmfJo$
>

Looks right...

>
> I notice I get a different hash every time when using the same arg. Is this
> correct?
>

That's normal.

>
> I ran cpan install Digest::SHA1 to install the missing lib then all was ok.
>
> I can't get the MD5pass script to run as it's missing a lib but running cpan
> install Digest::MD5 reports that my MD5 is up to date?
>

use Crypt::PasswdMD5;
use MIME::Base64;

Not Digest::MD5...

-hpa

_______________________________________________
SYSLINUX mailing list
Submissions to SYSLINUX [at] zytor
Unsubscribe or set options at:
http://www.zytor.com/mailman/listinfo/syslinux
Please do not send private replies to mailing list traffic.


hpa at zytor

Jan 14, 2008, 7:32 PM

Post #4 of 4 (4210 views)
Permalink
Re: MENU / SHA1 passwords not working. [In reply to]
Jeffrey Hutzelman wrote:
> --On Wednesday, January 09, 2008 03:20:02 PM +0000 Simon Daniels
> <S.Daniels [at] uel> wrote:
>
>> However if I hash a password using the sha1pass script the resulting
>> hashes don't work.
>
> As of syslinux-3.53 (the latest I have lying around), the code in
> com32/modules/menumain.c for checking sha1 passwords has a bug which
> causes checking of salted passwords to fail. Specifically, it tries to
> fold the salt into the hash before initing the hash context. I have
> attached a patch (untested) which should fix this problem.
>

D'oh!

OK, I feel dumb now. Right after a release, too...

-hpa

_______________________________________________
SYSLINUX mailing list
Submissions to SYSLINUX [at] zytor
Unsubscribe or set options at:
http://www.zytor.com/mailman/listinfo/syslinux
Please do not send private replies to mailing list traffic.

syslinux users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.