search for: 8913bb8

Displaying 2 results from an estimated 2 matches for "8913bb8".

2016 Jul 21
4
Openssh use enumeration
...or similar). It's about the same amount of code to search for the first account with a valid salt, which would avoid this problem in the case where the root account doesn't have a real password. djm: what do you think? diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 8913bb8..5385243 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -78,14 +78,18 @@ pick_salt(void) if (salt[0] != '\0') return salt; strlcpy(salt, "xx", sizeof(salt)); - if ((pw = getpwuid(0)) == NULL) - return salt; - passwd = shadow_pw(pw); - if (passwd[0] !...
2016 Jul 21
3
Openssh use enumeration
On Thu, Jul 21, 2016 at 12:31 PM, Selphie Keller <selphie.keller at gmail.com> wrote: > Ahh i see, just got up to speed on the issue, so seems like the issue is > related to blowfish being faster then sha family hashing for longer length > passwords, or the system's crypt() not understanding $2a$ -style salts, which most glibcs don't. On those, crypt fails immediately due