Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Shadow HAsh (was Re: CUPS authentication problem)

On Jul 26, 2004, at 1:23 AM, Axel Luttgens wrote:

And yes, the author agrees there were problems with it (the ones we discovered), and concludes with us that the way is to create a user with a ";Basic;" authentication authority ("Basic" in Open Directory's terminology here, not cups' one!).


Which would be not the best idea since you're giving up the security afforded to you by shadowing.

Incidentally..

Shadow hashes are easier to compromise, given local root access (such as when hardware is stolen from a lab) than basic hashes were. This is because the shadow hash is made up of both sha1 (which is hard to break) and ntlmv1 (which isn't hard to break). To crack on it format a text file like this:

username:1st32characers:2nd32characters:::

...where the 64 characters come from /var/db/shadow/hash/*

..feed it to john the ripper..

I wish Apple would create a command-line preference to prevent the storage of less-than-secure NT hashes.

This was recently discussed on the Darwin lists.

http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
email@hidden
303.517.0272
Denver, CO


"The surest way to corrupt a youth is to instruct him to hold in higher
regard those who think alike than those who think differently."

- -- Nietzsche
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
When responding to messages, please keep your quotes short.
References: 
 >Re: CUPS authentication problem (From: Tom Schutzer-Weissmann <email@hidden>)
 >Re: CUPS authentication problem (From: Axel Luttgens <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.