Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. syslinux>
  3. users
MENU / SHA1 passwords not working.
S.Daniels at uel
Jan 9, 2008, 7:20 AM
Post #1 of 4 (7269 views)
Permalink
Hi. I'm having a problem with hashing passwords for use in the menu.



If I specify plain passwords in my config it works file:



Example:

MENU MASTER PASSWD 1234567890

MENU PASSWD test123



However if I hash a password using the sha1pass script the resulting hashes
don't work.



MENU MASTER PASSWD $4$9qj4qv8g$HQ6Jl6TVrpign78XeofX2OLmfJo$

MENU PASSWD test123 $4$B4LW6NPr$xYYfSoakhfLpWE7+l8zU0MdAlIA$



When prompted for the password I enter that which I added as an arg to the
script but It throws

Me back (same as with an invalid pass).



This is how I run the script:



simon1@eb280-simon:~/syslinux-3.52$ sha1pass 1234567890

$4$9qj4qv8g$HQ6Jl6TVrpign78XeofX2OLmfJo$



simon1@eb280-simon:~/syslinux-3.52$ sha1pass test123

$4$B4LW6NPr$xYYfSoakhfLpWE7+l8zU0MdAlIA$



I notice I get a different hash every time when using the same arg. Is this
correct?



I'm running slackware v11. Initially when running sha1pass i was getting an
error:

Can't locate Digest/SHA1.pm in @INC



I ran cpan install Digest::SHA1 to install the missing lib then all was ok.

I can't get the MD5pass script to run as it's missing a lib but running cpan
install Digest::MD5 reports that my MD5 is up to date?



Any ideas?



Thanks.



Simon.

_______________________________________________
SYSLINUX mailing list
Submissions to SYSLINUX@zytor.com
Unsubscribe or set options at:
http://www.zytor.com/mailman/listinfo/syslinux
Please do not send private replies to mailing list traffic.
Re: MENU / SHA1 passwords not working. [ In reply to ]
jhutz at cmu
Jan 14, 2008, 3:17 PM
Post #2 of 4 (7062 views)
Permalink
--On Wednesday, January 09, 2008 03:20:02 PM +0000 Simon Daniels
<S.Daniels@uel.ac.uk> wrote:

> However if I hash a password using the sha1pass script the resulting
> hashes don't work.

As of syslinux-3.53 (the latest I have lying around), the code in
com32/modules/menumain.c for checking sha1 passwords has a bug which causes
checking of salted passwords to fail. Specifically, it tries to fold the
salt into the hash before initing the hash context. I have attached a
patch (untested) which should fix this problem.

> I notice I get a different hash every time when using the same arg. Is
> this correct?

That's correct. The string between the second and third $ characters is a
"salt", which is a chunk of random data included in the hash to make it
more difficult to determine the password by keeping a dictionary of
passwords and the strings they hash to. To get the same string back, you
can give the hash as an additional argument to sha1pass:

./sha1pass 1234567890 9qj4qv8g

> I can't get the MD5pass script to run as it's missing a lib but running
> cpan install Digest::MD5 reports that my MD5 is up to date?

Is there a question here? We can't help you get md5pass working if you
don't tell us what error messages you got.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Carnegie Mellon University - Pittsburgh, PA

Attached Files:

Re: MENU / SHA1 passwords not working. [ In reply to ]
hpa at zytor
Jan 14, 2008, 7:28 PM
Post #3 of 4 (7064 views)
Permalink
Simon Daniels wrote:
> Hi. I'm having a problem with hashing passwords for use in the menu.
>
> If I specify plain passwords in my config it works file:
>
>
> MENU MASTER PASSWD $4$9qj4qv8g$HQ6Jl6TVrpign78XeofX2OLmfJo$
>
> MENU PASSWD test123 $4$B4LW6NPr$xYYfSoakhfLpWE7+l8zU0MdAlIA$
^^^^^^^
EH?
>
> simon1@eb280-simon:~/syslinux-3.52$ sha1pass 1234567890
> $4$9qj4qv8g$HQ6Jl6TVrpign78XeofX2OLmfJo$
>

Looks right...

>
> I notice I get a different hash every time when using the same arg. Is this
> correct?
>

That's normal.

>
> I ran cpan install Digest::SHA1 to install the missing lib then all was ok.
>
> I can't get the MD5pass script to run as it's missing a lib but running cpan
> install Digest::MD5 reports that my MD5 is up to date?
>

use Crypt::PasswdMD5;
use MIME::Base64;

Not Digest::MD5...

-hpa

_______________________________________________
SYSLINUX mailing list
Submissions to SYSLINUX@zytor.com
Unsubscribe or set options at:
http://www.zytor.com/mailman/listinfo/syslinux
Please do not send private replies to mailing list traffic.
Re: MENU / SHA1 passwords not working. [ In reply to ]
hpa at zytor
Jan 14, 2008, 7:32 PM
Post #4 of 4 (7066 views)
Permalink
Jeffrey Hutzelman wrote:
> --On Wednesday, January 09, 2008 03:20:02 PM +0000 Simon Daniels
> <S.Daniels@uel.ac.uk> wrote:
>
>> However if I hash a password using the sha1pass script the resulting
>> hashes don't work.
>
> As of syslinux-3.53 (the latest I have lying around), the code in
> com32/modules/menumain.c for checking sha1 passwords has a bug which
> causes checking of salted passwords to fail. Specifically, it tries to
> fold the salt into the hash before initing the hash context. I have
> attached a patch (untested) which should fix this problem.
>

D'oh!

OK, I feel dumb now. Right after a release, too...

-hpa

_______________________________________________
SYSLINUX mailing list
Submissions to SYSLINUX@zytor.com
Unsubscribe or set options at:
http://www.zytor.com/mailman/listinfo/syslinux
Please do not send private replies to mailing list traffic.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal