Results 1 to 4 of 4

Thread: Wrong password encryption (openSUSE 11.0)?

  1. #1
    Join Date
    Jul 2008
    Location
    Essen, NRW, Germany
    Posts
    3

    Default Wrong password encryption (openSUSE 11.0)?

    Hi,

    I installed openSUSE 11.0 on 5 machines (physical / virtual) with different types of setup configurations, but there's one thing which seems to work wrong on all of these machines:

    Although I've chosen MD5 encryption for passwords, the system ignores this setting and uses blowfish encryption only.

    /etc/default/passwd:
    CRYPT=md5
    CRYPT_FILES=md5
    BLOWFISH_CRYPT_FILES=10
    CRYPT_YP=des

    /etc/shadow:
    test:Eahrk85ODPvlY:14062:0:99999:7:::

    I didn't know whether it's blowfish or DES, but after trying to use GDM on a machine, I know that it's blowfish because I can only login after changing the /etc/default/password settings to blowfish. It seems that GDM uses these values so get the right method?!


    Is this a security problem? Am I doing something wrong?
    Am I searching at the wrong places?


    Thanks for all helpful information.


    Best regards,
    Thomas
    Last edited by TERROR-FX; 10-Jul-2008 at 23:12. Reason: just wording and mistakes

  2. #2
    Join Date
    Jul 2008
    Location
    Essen, NRW, Germany
    Posts
    3

    Default Re: Wrong password encryption (openSUSE 11.0)?

    There're some views on my post but no reply to it.
    I think that it's not clear what I try to achieve. :-)

    It would help me a lot if one (or some) of you could just
    look in the /etc/shadow on your openSuSE 11.0 machine.
    If you configured your system to use MD5 password encryption
    and only see short passwords (blowfish) --> please let me know!

    Thanks!

  3. #3

    Default Re: Wrong password encryption (openSUSE 11.0)?

    Eahrk85ODPvlY is DES.
    Blowfish ones ($2a$10$yM1cRna.S8gA2y/tkLuhZuca7mJYPF5kyKzx5KTt.z0WZNvf.ieCG) are much longer. MD5 is somewhere in between that and uses $1$ for identification.

  4. #4
    Join Date
    Jul 2008
    Location
    Essen, NRW, Germany
    Posts
    3

    Default Re: Wrong password encryption (openSUSE 11.0)?

    Okay, thanks. So I mixed up with DES and Blowfish.

    But nevertheless it's not MD5 as I configured it.
    I'm a bit confused with what I said about GDM earlier,
    but in general the problem about the wrong encryption is definitely existing.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •