Encryption in xampp (apache) - encryption

What kind of encryption is used in xampp .htpasswd?
I typed
(ramin)
for the password and this is the result:
$apr1$ErR/ZCuV$KSauU1bX4U1fqO3x7tQYN/

It is an encoded MD5 hash, Apache proprietary. There is some information in the Apache docs but to really see what is going on you need the source of apr_md5.c.
Basically it starts with a magic: $apr1$. This is not to fool you, it probably stands for Apache Password Routine version 1 or something similar.
Then comes an encoded salt of 0..8 bytes (8 bytes being the default it seems). This is a base 64 encoding but it is not the regular base 64 encoding. It uses a different alphabet with a relatively strange ordering:
./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
This salt in turn is ended using a single $ character.
The password hash is basically an (overly) complex calculation using MD5 and transposition in the end. The password strengthening is performed using a non-configurable 1000 iterations of MD5 within this calculation. The final result is 16 bytes of MD5, encoded using the base 64 encoding explained above.
You cannot retrieve the password from the hash. The only thing you can do is take the salt, guess a password and see if it is correct (using the minimum of 1000 iterations). In the olden days 1000 MD5 iterations may have seemed a lot, but unfortunately that's not the case any longer. You are better off using the bcrypt alternative.

Related

How to derive the key and initialization vector for aes-128-cbc decryption

I downloaded the openssl-1.0.2l.tar.gz source package from https://www.openssl.org/source/ and made a fresh x64 build for Windows. I use the openssl application to encrypt a file using the following command:
openssl enc -aes-128-cbc -a -salt -in data.txt -kfile key.txt -out encrypted.txt -p
Now, I would like to consume the encrypted file in a .NET application (written in C#). I read the encrypted file (which is encoded using Base64, because of the -a switch), decode it, and extract the first 16 bytes in order to get the salt that was generated by OpenSSL... this works fine so far; the salt is prefixed with Salted__, the following 8 bytes are the actual salt value.
What I have learned so far is that OpenSSL reads the first line of the given key file and uses that string for the passphrase. The actual key and initialization vector get derived from the passphrase, the salt and some hashing, which is not officially documented.
The -p switch gave me the key and initialization vector that is used for the encryption, but I would like to know, how I can reproduce that data from the known passphrase and the salt... Everything I have tried gives me key and vector data that is different from what the openssl application gave me.
Of course, I already found similar questions (and answers) at stackoverflow and crypto.stackexchange, but none of the solutions seem to work, or are related to aes-256-cbc... not sure, if that makes a difference?
What needs to be done to properly derive the key and initialization vector?
It's documented here or here, but you have to know what to look for. The function is called EVP_BytesToKey and uses a hash function to stretch the salt and password into a key and IV.
Note that OpenSSL switched from MD5 to SHA-256 in version 1.1.0 (source). The iteration count is 1 and the output size depends on the chosen key size and block size.
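The EVP_BytesToKey derivation described in the answer, as an added Python example (not code from the question or the answer): it parses the Salted__ header of the -a/-salt output, takes the passphrase from the first line of the -kfile text, and derives the 16-byte key and 16-byte IV for aes-128-cbc with MD5, which is what the 1.0.2 build in the question uses. The generic function also takes the digest name and count, so the same code reproduces the SHA-256 behaviour of 1.1.0 and later. The function names are my own.

```python
import base64
import hashlib


def evp_bytes_to_key(password, salt, key_len, iv_len, md="md5", count=1):
    # OpenSSL EVP_BytesToKey: D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt),
    # each D_i re-hashed (count - 1) more times; key || iv is the concatenation D_1 || D_2 || ...
    # OpenSSL 1.0.2 (the build in the question) uses MD5 here; 1.1.0 and later default to SHA-256.
    derived, prev = b"", b""
    while len(derived) < key_len + iv_len:
        d = hashlib.new(md, prev + password + salt).digest()
        for _ in range(count - 1):
            d = hashlib.new(md, d).digest()
        derived += d
        prev = d
    return derived[:key_len], derived[key_len:key_len + iv_len]


def split_salted(payload):
    # Layout written by `openssl enc -salt`: b"Salted__", 8 salt bytes, then the ciphertext
    if len(payload) < 16 or payload[:8] != b"Salted__":
        raise ValueError("not an OpenSSL 'Salted__' payload")
    return payload[8:16], payload[16:]


def key_iv_for_aes128cbc(key_file_text, b64_ciphertext, md="md5"):
    # -kfile: the passphrase is the first line of the file (newline stripped);
    # -a: the file is base64 text. aes-128-cbc needs a 16-byte key and a 16-byte IV.
    passphrase = key_file_text.split("\n", 1)[0].encode()
    salt, ciphertext = split_salted(base64.b64decode(b64_ciphertext))
    key, iv = evp_bytes_to_key(passphrase, salt, 16, 16, md)
    return key, iv, ciphertext
```

The key and IV returned for a file produced by the command in the question should match what its -p switch printed; if they do not, the build is a 1.1.0+ one and md="sha256" applies.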

Does ASP.NET use SHA256 or SHA1?

I'm using the default identity stuff provided by ASP.NET 4.5 MVC and Entity Framework. I can create users with passwords and the hashed password shows up in the database. I'm trying to figure out if that hash is generated using the no-longer-trusted SHA1 algorithm or the SHA2 algorithm (be it SHA256, SHA512, etc).
Articles which seem to say it defaults to SHA256:
https://www.asp.net/whitepapers/aspnet4/breaking-changes#0.1__Toc256770148
http://kosmisch.net/Blog/DotNetEssential/Archive/2015/2/1/aspnet-membership-default-password-hash-algorithms-in-net-4x-and-previous-versions.html
Articles which seem to say it defaults to SHA1:
https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/password-hashing
https://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx
When I follow the chain down, I end up inside the PasswordHasher.cs class -> HashPassword() -> Crypto.HashPassword() which I can see is using Rfc2898DeriveBytes which then has a bunch of stuff about HMACSHA1.
So are my passwords getting hashed by SHA256 or SHA1? Easy way to default to SHA256?
If it helps, here is a dummy password taken from my local environment:
AIPfkvy5v59jmVZdPpU9QfUMoToCQ+Rp3dBT7m9RwMKZai5/61REkN/0InCtxKPUOQ==
So it looks like the answer is neither exactly:
From the comments in the ASP.Net Identity Source Code
Version 0:
PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations.
(See also: SDL crypto guidelines v5.1, Part III)
Format: { 0x00, salt, subkey }
Ultimately the hashing algorithm is SHA1, but it is not a simple SHA1 hash of the password, or even a SHA1 + salt hash.
It is worth pointing out that SHA1 is considered "broken" for digital signatures due to a mathematical attack, reducing the computational effort of generating a collision to just-about feasible levels.
This does not apply to hashed passwords.
Links for further reading.
Is SHA-1 secure for password storage?
https://www.schneier.com/blog/archives/2005/02/sha1_broken.html
https://en.wikipedia.org/wiki/PBKDF2
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
Rfc2898DeriveBytes and HMACSHA1
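The version-0 layout quoted in the answer, { 0x00, salt, subkey } with PBKDF2-HMAC-SHA1 and 1000 iterations, as an added Python example (not code from the question, the answer or the ASP.NET Identity project): it splits a stored hash into its fields, reproduces the derivation, and verifies a password with a constant-time compare. The function names are my own; the optional salt parameter of hash_password exists only to make results reproducible.

```python
import base64
import hashlib
import hmac
import os

# Version 0 layout, from the Identity source comment quoted above:
# { 0x00, 128-bit salt, 256-bit subkey }, subkey = PBKDF2-HMAC-SHA1, 1000 iterations
SALT_LEN, SUBKEY_LEN, ITERATIONS = 16, 32, 1000


def parse_v0(encoded):
    # Split a stored Identity hash into its salt and subkey; reject other versions/lengths
    raw = base64.b64decode(encoded)
    if len(raw) != 1 + SALT_LEN + SUBKEY_LEN or raw[0] != 0x00:
        raise ValueError("not a version-0 ASP.NET Identity password hash")
    return raw[1:1 + SALT_LEN], raw[1 + SALT_LEN:]


def hash_password(password, salt=None):
    # Same derivation as Crypto.HashPassword: Rfc2898DeriveBytes is PBKDF2 with HMAC-SHA1,
    # password encoded as UTF-8; a fresh random salt per call unless one is supplied
    salt = os.urandom(SALT_LEN) if salt is None else salt
    subkey = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS, SUBKEY_LEN)
    return base64.b64encode(b"\x00" + salt + subkey).decode("ascii")


def verify_password(password, encoded):
    # Recompute with the stored salt and compare in constant time
    salt, subkey = parse_v0(encoded)
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS, SUBKEY_LEN)
    return hmac.compare_digest(candidate, subkey)
```

Running parse_v0 on the dummy hash from the question yields a 0x00 version byte, a 16-byte salt and a 32-byte subkey, which is how the stored value can be told apart from a bare SHA1 or SHA256 digest.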

Meteor,why same password after hashing, different string stored in database

I found that Meteor by default uses sha-256 to hash passwords, but I am confused that the same password for each account, after hashing, becomes a different string stored in the database. Would anyone tell me the detailed implementation, thanks
Per the Meteor docs, accounts-password uses bcrypt.
If you look at the source code of loginWithPassword, you should be able to find out where the salt is stored. As a second source, read MasterAM's answer to Laravel & Meteor password hashing which indicates that Meteor from 2011 on uses $2y$ hash strings, i.e. PHP CRYPT_BLOWFISH, which uses
CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithm and must be in range 04-31, values outside this range will cause crypt() to fail. Versions of PHP before 5.3.7 only support "$2a$" as the salt prefix: PHP 5.3.7 introduced the new prefixes to fix a security weakness in the Blowfish implementation. Please refer to » this document for full details of the security fix, but to summarise, developers targeting only PHP 5.3.7 and later should use "$2y$" in preference to "$2a$".
Thus, look for the $2y$ string in the database, and extract the salt from it.
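A parser for the CRYPT_BLOWFISH string layout quoted above, as an added Python example (not code from the question, the answer or Meteor): it extracts the prefix, the two-digit cost and the 22-character salt, and rejects the cases the PHP documentation says crypt() fails on (characters outside ./0-9A-Za-z, cost outside 04-31). The function name is my own; the sample strings in the test are constructed and are not real bcrypt output.

```python
import re

# CRYPT_BLOWFISH layout quoted above: "$2a$"/"$2x$"/"$2y$", two-digit cost, "$",
# 22 salt characters from ./0-9A-Za-z, then the 31-character hash body
BCRYPT_RE = re.compile(r"^\$(2[axy])\$(\d{2})\$([./0-9A-Za-z]{22})([./0-9A-Za-z]{31})$")


def parse_bcrypt(stored):
    # Returns (prefix, cost, salt, digest); cost is log2 of the Blowfish iteration count.
    # The salt is what makes two stores of the same password look different.
    m = BCRYPT_RE.match(stored)
    if not m:
        raise ValueError("not a bcrypt string (bad prefix, alphabet or length)")
    prefix, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("cost must be in the range 04-31")
    return prefix, int(cost), salt, digest
```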

BouncyCastle updated pgp key now getting checksum mismatch error

I have a utility that is using the BouncyCastle.Crypto dll (version 1.7.4, runtime version 1.1.4), in order to decrypt a file that is given to it by another system.
I just updated the pgp key (and provided the encryptor with the new public key). The new key uses 4096 bit RSA encryption and has a 24 character password, which are the only differences I can think of between the new key and the old key. The old key used I believe 2048 bit encryption with a 7 character password.
When I attempt to decrypt a file the process is now failing when calling the PgpSecretKey.ExtractPrivateKey(char[] passPhrase) function, provided by BouncyCastle. The error is "Checksum mismatch at 0 of 20."
The weird part is that the first time I tested it worked fine, then with no changes it began failing. I have tried with multiple encrypted files.
Since it's such an old version of BouncyCastle and this particular permutation of the ExtractPrivateKey function is no longer in use I am finding it difficult to locate relevant information. Any thoughts are appreciated.
I got that error once, "Checksum mismatch at 0 of 20." My issue was due to a wrong pass phrase. Hope this helps someone.

How to Script Automated Root Password Changes?

Currently our process consists of logging into each *nix server and manually changing the password for each. My question is, what is a good way to automate this? I'm thinking of possibly a couple different ways to do this and would like input from others on what they recommend, use, etc.
One way I was thinking is a text file with a list of servers that need the password change and a script that prompts the user for the new password, stores it temporarily in the script and then remote connects into each server and runs the commands. Having a check to make sure the server is reachable or a timeout on the remote connection would be a good idea. Then have output to the console so the person running the script can see what servers were successful and which ones were not.
I was trying to think of another fully automated solution, but couldn't think of a good way to securely store the new password. Plus it is not a huge deal to me to have some user interaction and have to manually start the script as we only would need to do this 6 times a year.
Any thoughts, help, ideas would be greatly appreciated.
openssl passwd -1 $rootpw
Where $rootpw holds the string that will be your root password.
This will output a crypted string that you can just put in the file or whatever. I use this on a script that sets up virtual server instances that are provisioned from a database. I compute this hash before sending it over the network so the script that sets up the server can just use this hash instead of having to send it plain text.
To answer your question, each server would compute the hash slightly differently and result in a different hash, but all of those hashes would equate to the same password. You could use any one of these hashes and they would be functionally equivalent when used on any server, even though the actual content of the hash is different.
For example, I hashed foobar and these are the results:
rootpw=foobar
openssl passwd -1 $rootpw
$1$6pXamKGD$TKQqON1prArop7DpLOyAk1
openssl passwd -1 $rootpw
$1$4A4Mn16f$P7ap2AqNMRK8m72bG/Bve0
openssl passwd -1 $rootpw
$1$DyhsWEMX$i2wH6JpAqoHNFZ0YOBVHj/
openssl passwd -1 $rootpw
$1$m27FIj5e$LZPxVniAeUoZcuUoNHK8c/
openssl passwd -1 $rootpw
$1$qdX0NKm1$45rzxUj..LCJwWB/.fwGH0
Each of those hashes is different even when computed on the same machine, but any of them can be used to equate to the password 'foobar' on any machine.
So just open /etc/shadow and paste that in there where you find the line:
root:$1$qdX0NKm1$45rzxUj..LCJwWB/.fwGH0:14415:0:99999:7:::
In my script I explode it at the :'s and update element [1] then concatenate the array back to a string and replace the string in the file. You can do it differently if you want, especially if you know the old value (which you can get by exploding it into an array).
I know this question is a few months old so you probably figured it out, but I'm putting this out there for any future googlers coming along and finding this.
You should compute whatever hash your servers are computing on a password and send passwords in this secured, hashed form, ready to put into /etc/shadow.
I do not know however how to do that in practice.
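The md5crypt routine behind both the $apr1$ string in the first question and the openssl passwd -1 output above, as an added Python example (not code from any of the posts, Apache or OpenSSL): it is the apr_md5.c calculation (the salt/password mixing, the fixed 1000 MD5 rounds and the final transposition) with the crypt-style base64 alphabet, so the same function reproduces the $1$ strings from the answer above and, with magic "$apr1$", an htpasswd entry. verify() does the "take the salt, guess a password and see if it is correct" check from the first answer, and set_shadow_hash() is a hypothetical helper for the "explode at the colons and update element [1]" step; both names are my own.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    # crypt(3)-style base64 over the alphabet above: 6 bits per char, low bits first
    return "".join(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(count))

def md5crypt(password, salt, magic="$1$"):
    # FreeBSD md5crypt as implemented in apr_md5.c; magic "$apr1$" is the htpasswd variant
    pw, salt = password.encode(), salt[:8].encode()  # salt is at most 8 characters
    ctx = hashlib.md5(pw + magic.encode() + salt)
    alt = hashlib.md5(pw + salt + pw).digest()
    for n in range(len(pw), 0, -16):  # mix in len(pw) bytes of the alternate digest
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:  # one byte per bit of len(pw): NUL for a 1 bit, pw[0] for a 0 bit
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed, non-configurable 1000-round stretching
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]  # the transposition
    out = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in groups)
    return magic + salt.decode() + "$" + out + _to64(final[11], 2)

def verify(password, stored):
    # Take the salt from the stored string, recompute, and compare in constant time
    prefix, salt, _ = stored.rsplit("$", 2)
    return hmac.compare_digest(md5crypt(password, salt, prefix + "$"), stored)

def set_shadow_hash(shadow_text, user, new_hash):
    # Hypothetical helper: split each /etc/shadow line at ':' and replace field [1] for `user`
    out = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == user:
            fields[1] = new_hash
        out.append(":".join(fields))
    return "\n".join(out) + "\n"
```

Because the salt is embedded in the string, any of the five foobar hashes above verifies the same password, which is why one precomputed hash can be pushed to every server.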