Algorithm for encrypting passwords

Richard Vinnicombe
New Member

Algorithm for encrypting passwords

Please could someone advise me of the algorithm used to encrypt users' passwords in HP-UX 11 in both Trusted and Standard mode (if they are different)? Thanks, Richard
Suraj Singh_1
Trusted Contributor

Re: Algorithm for encrypting passwords

Why do you require it, first of all?

I am sure only HP Lab engineers would be aware of any such algorithm.

Regards
What we cannot speak about we must pass over in silence.
Richard Vinnicombe
New Member

Re: Algorithm for encrypting passwords

A request by my government accreditor to get some assurance it will meet UK minimum standards.

I found an HP-UX security white paper written by Mike Jerbik of HP which states the various algorithms used in the product but it doesn't say which ones are used for which applications. Some are obvious i.e. for signing and key exchange, others could all be used to support a basic password encryption function. I just need to know which it is.

Cheers,

RV
Jeff Schussele
Honored Contributor
Solution

Re: Algorithm for encrypting passwords

Hi Richard,

The HP-UX PAM modules use the crypt command which simulates a one rotor 256 element rotor similar to the German Enigma system.
Also the crypt command uses the makekey command which takes the salt value provided to the crypt command to select one of 4096 cryptographic machines all based on the DES standard algorithm.
man crypt & makekey for further details.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Richard Vinnicombe
New Member

Re: Algorithm for encrypting passwords

Thanks for that, should keep the authorities happy for a bit longer. Cheers, RV
Bill Hassell
Honored Contributor

Re: Algorithm for encrypting passwords

Actually, the details are quite explicit (and haven't changed for more than 20 years) in the man pages for:

man 4 passwd
man crypt
man makekey

The system is based on the German Enigma machine, a mechanical encryption device used during WW2. The software system uses 256 rotors (mechanically difficult) and some other techniques to keep the password encryption at a high level. Note that this encryption method is 'lossy' in that there is no method to directly decode the password. Or more accurately, several strings can encrypt to the same value.

The weakness in the Unix password is due to human nature. If you have an encrypted password string, you could try guessing millions of words and numbers until a match is found (the result matches the encrypted target password). By hand, this is impossible to accomplish in a reasonable time period, but by computer, this can be attempted using giant dictionaries along with common number and special character substitution. Current stats show that passwords can be guessed for about 40-60% of typical user accounts.

That's why it is never recommended to use the standard Unix method for password storage (/etc/passwd) but to use the TCB method (called Trusted in HP-UX) or shadow password system. In this way, the encrypted password is hidden in a root-only directory. Trusted systems use the same encryption method but remove the limitation of 8 character passwords.

Have your auditors use Google to search for:
Unix passwords Enigma
to see the history and background details.


Bill Hassell, sysadmin
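
An added example, not part of the post above and not HP-UX code: a shell check over a passwd(4)-format file that reports which accounts still carry a traditional 13-character crypt hash in the world-readable password field, the exposure that Trusted mode or a shadow password system removes. The function names and sample entries are constructed, and it assumes a hidden password is marked with `*` or `x` and that the first two hash characters are the salt.

```shell
#!/bin/sh
# Added example: audit the password field of passwd(4)-format entries.
# audit_passwd and sample_passwd are hypothetical helper names.

# Reads passwd-format lines from the named file(s), or stdin if none given,
# and prints "<user>: <status>" for each well-formed entry.
audit_passwd() {
    awk -F: '
    /^#/ || NF < 7 { next }              # skip comments and malformed lines
    {
        pw = $2
        sub(/,.*/, "", pw)               # drop password-aging data after a comma
        if (pw == "")
            status = "EMPTY"             # account has no password at all
        else if (pw == "x" || pw ~ /^[!*]/)
            status = "NOHASH"            # hash kept elsewhere, or account locked
        else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$")
            status = "EXPOSED salt=" substr(pw, 1, 2)   # readable by any user
        else
            status = "OTHER"             # unrecognised format, review by hand
        print $1 ": " status
    }' "$@"
}

# Constructed sample entries; the hash strings are made up, not real hashes.
sample_passwd() {
    cat <<'EOF'
root:*:0:3::/:/sbin/sh
alice:abCONSTRUCTED:101:20::/home/alice:/usr/bin/sh
bob:Zq.SAMPLEHASH,M.z8:102:20::/home/bob:/usr/bin/sh
carol:x:103:20::/home/carol:/usr/bin/sh
dave::104:20::/home/dave:/usr/bin/sh
EOF
}

# Demo run on the constructed sample; on a real system pass /etc/passwd instead.
sample_passwd | audit_passwd
```

Any `EXPOSED` or `EMPTY` line is an account to fix before relying on the hash being hidden from ordinary users.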
Richard Vinnicombe
New Member

Re: Algorithm for encrypting passwords

Thanks also for this, I had a look at the Trusted mode and what it can do in terms of advanced password features and also the TCSEC C2 assurance the overall OS has.

I'd be keen to know if the authentication modules in the trusted mode have been included in an ITSEC or Common Criteria Target of Evaluation and any resulting E/EAL value achieved.

Many thanks,

Richard