[Bug 6296] New: chpasswd salt has security issues
bugzilla at busybox.net
Tue Jun 4 19:27:51 UTC 2013
https://bugs.busybox.net/show_bug.cgi?id=6296
Summary: chpasswd salt has security issues
Product: Busybox
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Other
AssignedTo: unassigned at busybox.net
ReportedBy: Lothsahn at yahoo.com
CC: busybox-cvs at busybox.net
Estimated Hours: 0.0
The chpasswd command gets the salt value from the stack. That is, it's
declared in chpasswd_main as:
char salt[sizeof("$N$XXXXXXXX")];
After this instruction, salt is never initialized (unless using md5sum
mode)--at which point the first 3 characters are set to $1$. The salt is then
passed to pw_encrypt, which uses it.
It seems like, on a lot of Linux systems, we'd be far better off using a random
salt from /dev/random or /dev/urandom rather than just directly off the stack.
It's likely possible to infer what the value of the salt is off the stack.
The second problem this introduces is that when we call pw_encrypt, it
immediately calls my_crypt(clear, salt). The behavior of my_crypt is based on
the salt. If the salt starts with "$1$", then it assumes md5 encryption,
otherwise it uses either SHA or DES based on what's available on the system.
However, this means that there is a VERY small chance (1/256^3) that a user
could end up with md5 crypt instead of SHA/DES simply because the "random"
stack data started with $1$. The affected code is:
if (salt[0] == '$' && salt[1] && salt[2] == '$') {
    if (salt[1] == '1')
        return md5_crypt(xzalloc(MD5_OUT_BUFSIZE), (unsigned char*)key,
                         (unsigned char*)salt);
It seems like the encryption algorithm (md5) should be passed to these
functions as a boolean, rather than as a component of the salt's contents
itself. Furthermore, the salt should contain random data.
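The two fixes the report asks for, as an added example that is not BusyBox code: the salt body comes from /dev/urandom and the hash algorithm is an explicit parameter that decides the "$N$" prefix, so buffer contents can never pick md5 by accident. The function names, the salt_algo enum and the use of fopen on /dev/urandom are assumptions of this example.

```c
/* Added example, not BusyBox code: salt built from /dev/urandom with the
 * algorithm chosen by the caller, never by whatever is in the buffer. */
#include <stdio.h>
#include <string.h>
/* crypt(3) salt alphabet "./0-9A-Za-z": exactly 64 symbols */
static const char salt_chars[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Assumed enum: the value doubles as the digit in the "$N$" prefix */
enum salt_algo { SALT_DES = 0, SALT_MD5 = 1, SALT_SHA256 = 5, SALT_SHA512 = 6 };
/* Deterministic core: prefix from `algo`, body from rnd[]; -1 if a buffer is too small */
int format_salt(char *out, size_t outlen, enum salt_algo algo,
                const unsigned char *rnd, size_t rndlen)
{
    size_t len = (algo == SALT_DES) ? 2 : 8, pos = 0;  /* DES: 2 chars, $N$: 8 */
    if (rndlen < len || outlen < len + 4)
        return -1;
    if (algo != SALT_DES) {
        out[pos++] = '$';
        out[pos++] = (char)('0' + algo);
        out[pos++] = '$';
    }
    for (size_t i = 0; i < len; i++)
        out[pos++] = salt_chars[rnd[i] & 63];  /* 64 symbols: no modulo bias */
    out[pos] = '\0';
    return (int)pos;
}

/* Check that a salt selects the intended algorithm and holds only alphabet
 * characters; uninitialised stack data or a stray "$1$" fails this check. */
int salt_matches_algo(const char *salt, enum salt_algo algo)
{
    size_t i = (algo == SALT_DES) ? 0 : 3;
    if (i == 3 && (salt[0] != '$' || salt[1] != '0' + algo || salt[2] != '$'))
        return 0;
    for (; salt[i]; i++)
        if (!strchr(salt_chars, salt[i]))
            return 0;
    return i == (algo == SALT_DES ? 2u : 11u);
}

/* Fill the salt body from /dev/urandom; -1 if the device is unusable */
int make_salt(char *out, size_t outlen, enum salt_algo algo)
{
    unsigned char rnd[8];
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(rnd, 1, sizeof rnd, f) : 0;
    if (f) fclose(f);
    return got == sizeof rnd ? format_salt(out, outlen, algo, rnd, got) : -1;
}
```

A caller that wants md5 passes SALT_MD5 and gets "$1$" plus eight alphabet characters; a caller that wants DES gets two characters and can never receive a "$" prefix.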