HPE Community
Operating System - HP-UX
1846190 Members
2615 Online
110254 Solutions
New Discussion

password encryption algorithm

 
SOLVED
Go to solution
Tong Hu_1
Occasional Advisor

‎05-04-2005 03:47 AM

‎05-04-2005 03:47 AM

password encryption algorithm

What kind of encrytion algorithms are used for the trusted and the untrusted password?

0 Kudos
Reply
11 REPLIES 11
RAC_1
Honored Contributor

‎05-04-2005 04:01 AM

‎05-04-2005 04:01 AM

Re: password encryption algorithm

The DES alogorithms is used for trusted/untrusted mode. The makekey command (which in turn calls crypt) can be used to prepare crypted string. The password basically consists of a hash and salt chars (used for encryptiion)
When a password is entered, a hash is matched and user authenticated if it matches.

Anil
There is no substitute to HARDWORK
Reply
Tong Hu_1
Occasional Advisor

‎05-04-2005 04:07 AM

‎05-04-2005 04:07 AM

Re: password encryption algorithm

how could I eliminate the encrypted password strings more than 13 characters?

Thanks
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎05-04-2005 04:16 AM

‎05-04-2005 04:16 AM

Re: password encryption algorithm

The only way I can think of to do that would be to use shorter passwords. A longer password equals a longer encrypted string.

I'm not sure why you would want that though.
0 Kudos
Reply
RAC_1
Honored Contributor

‎05-04-2005 04:18 AM

‎05-04-2005 04:18 AM

Re: password encryption algorithm

I do not think that you can control that. While setting a password (non-trusted mode), your max pasword char length is 8 chars. While you can set password char length more than 8 chars in trusted mode, your applications shoould be able to understant it. Rather stick to 8 chars password char length.

man passwd for details.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Tong Hu_1
Occasional Advisor

‎05-04-2005 07:18 AM

‎05-04-2005 07:18 AM

Re: password encryption algorithm

Sorry for the ambiguous question, I am asking about the encrypted password string in tcb files. Since we are trying to synchronize the encrypted password between the Sun servers and HP servers. Some of the encrpted password strings from HP are more than 13 characters, which won't work on Sun servers.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎05-04-2005 07:43 AM

‎05-04-2005 07:43 AM

Re: password encryption algorithm

Sounds like a jobs for NIS+ or LDAP or something other than just scripts.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-04-2005 03:04 PM

‎05-04-2005 03:04 PM

Solution

Re: password encryption algorithm

The password is always encrypted to exactly 13 characters as long as it it 8 chars or less in length. If the system is not Trusted, then pasword characters longer than 8 are silently ignored. In a Trusted system, long passwords are allowed but can easily be limited with system security policies. Run SAM and change the system security policy to 8 character maximum.

NOTE: This only affects new passwords. All existing long passwords must be changed. You can search the /tcb directory for long passwords and notify those users to change.


Bill Hassell, sysadmin
Reply
Tong Hu_1
Occasional Advisor

‎05-04-2005 11:48 PM

‎05-04-2005 11:48 PM

Re: password encryption algorithm

Thanks for all your help.
0 Kudos
Reply
Tong Hu_1
Occasional Advisor

‎05-05-2005 02:16 AM

‎05-05-2005 02:16 AM

Re: password encryption algorithm

One more extra question, if you can help please. Why Solaris doesn't care the password length, it always encrypt the password to 13 char length?

Thanks
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-05-2005 03:58 AM

‎05-05-2005 03:58 AM

Re: password encryption algorithm

Try typing the first 8 characters correctly and then adding random characters for 9 and beyond. I think you'll find that Solaris, just like HP-UX (untrusted), silently ignores characters 9 and above. Solaris is only encrypting the first 8, thus the 13 chars in /etc/passwd.


Bill Hassell, sysadmin
Reply
Tong Hu_1
Occasional Advisor

‎05-05-2005 04:29 AM

‎05-05-2005 04:29 AM

Re: password encryption algorithm

Thanks, you are the best.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.