Re: [Exim] crypt16() and SMTP AUTH

Top Page
Delete this message
Reply to this message
Author: Tamas TEVESZ
Date:  
To: Marcin Sochacki
CC: exim-users
Subject: Re: [Exim] crypt16() and SMTP AUTH
On Fri, 20 Dec 2002, Tamas TEVESZ wrote:

> > I've found, that some passwords of DUX's users have a strange form, e.g.:
> > "qzgyNslr3WpesDi.7XrD9rx6". AFAIK, those passwords are created with crypt16()
>
> can you get a couple of these kind of hashes with the corresponding
> clear text ?


oh well.

here's what i could cook up. please not that i don't have access to
any such machine... i asked a couple of friends, and eventually we
found dux and tru64 and osf/1 accounts where we tried to generate
crypt16 hashes for some strings, but... these results just never
matched the results of what this snippet does. at least i seemingly
didn't much break the existing crypteq functionality :>

this was the only crypt16 implementation i could find, it's from
<http://www.iruntheinter.net/files/cistron/radiusd-cistron-1.6-crypt16.patch>
i don't have the slightest idea whether its good or not.. the
standalone version and the exim glued version does the same, the
existing crypt functionalality in exim seems to be working ok, but
that's all i can say about it.

the patch (new code created, existing modified by it) is not
beautified nor adjusted to Philip's coding standards, nor has it
anything one would expect. if we get it to work i'll beautify it
and add proper stuff before asking Philip for inclusion). hey,
it's past 4:30am, afterall ;)


here's the diff against exim 4.12:

[ Deleted uuencoded file 'crypt16.diff.g' ]

what i could achieve is:

dusk:~/tmp/exim/exim-4.12$ build-Linux-i386/exim -C src/configure.default -be
> ${if crypteq{kaka}{zJ6CqoxiCXKSY}{yes}{no}}                            <--- `normal' crypt(). seemingly it's still ok :)

yes
> ${if crypteq{kakakakakakakakaka}{kkh4AH0VTIdokZPr.xv2PK5w}{yes}{no}} <--- crypt16() on some dux or osf/1

no                                                                            found lying around

> ${if crypteq{kakakakakakakakaka}{kk1leNVqXP2N2QFJFP41yJc.}{yes}{no}} <--- crypt16() made standalone by the included

yes                                                                           routine

> ${if crypteq{kakakakakakakakaka}{kkh4AH0VTIdokZPr.xv2PK5w}{yes}{no}} <--- crypt16() made on anothet dux, osf/1 or tru64

no                                                                            found lying around

>



curious about what this does for you (also i'm waiting for clear/hash
pairs made on *your* dux system),

anyone who could dig up what actually crypt16() is, or even better, a
known-good implementation, would be nominated KOTH of the month :>

--
[-]
... and the rest is silence.