Date: Mon Jan 16 22:33:11 2006
From: bojan99 at gmail.com (Bojan)
Subject: NS1 decryption

On 1/16/06, Roman Medina-Heigl Hernandez <roman@...labs.com> wrote:
>
> Hi,
>
> I've been told that Solaris' NS_LDAP_BINDPASSWD could be decrypted. For
> instance:
>
>     $ ldapclient -l
>     NS_LDAP_FILE_VERSION= 1.0
>     NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=blr03-01,dc=india,dc=sun,dc=com
>     NS_LDAP_BINDPASSWD= {NS1}3d1a48xxxxxxxxx
> ...
>
>
> The pass is {NS1}3d1a48xxxxxxxxx. Is it really possible to decode it and
> get the plaintext password? I couldn't find any useful info about
> decoding NS1 passwords.


Well, according to the FAQ
(http://blogs.sun.com/roller/resources/raja/ldap-psd.html), it's just some
simple encryption:

" 5.6. What is NS1 format?? How is the NS1 format converted/used to
authenticate against the userPassword in CRYPT format in the LDAP server?

The Native LDAP client library (libsldap) uses an internal and simple
algorithm to encrypt (and tag) the proxyagent password so that it
would not be stored in /var/ldap/ldap_client_cred in plaintext.

The NS1 encrypted password will be decrypted by the libsldap library
before authenticating the proxy agent to the LDAP server. From the
server perspective, it receives and process the plaintext password to
match the crypt userPassword as usual."

The libsldap library obviously can decrypt this, so it should be easy to
write a tool which will do this (once you know how encryption/decryption
works). But, from the text above, it's pretty clear that this is not a
one-way function.

Cheers,

Bojan