the manpage for crypt(3) states
The characters in "salt" and "encrypted" are drawn from the set [a-zA-Z0-9./]. In the MD5 and SHA implementations the entire key is significant (instead of only the first 8 bytes in DES).
however, as of glibc 2.27, the SHA-512 implementation (and likely the MD5 and the remaining SHA implementations) does not check that the salt characters supplied by the user are strictly in [a-zA-Z0-9./]. any character other than NUL and $ seems to be accepted. perhaps terrible things can be done with a salt containing a newline character or a colon, which are the record and field separators in /etc/shadow and /etc/passwd. (though currently I do not see a way to exploit this.)
incidentally, the mkpasswd utility (in the Debian whois package) does check the salt character set.
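the check that crypt(3) itself skips, written out as a small validator you can run on a setting string before handing it to crypt(3) or writing the result to /etc/shadow. this is an added example, not code from glibc or from mkpasswd; the function name salt_is_valid is my own. it accepts the "$1$", "$5$" and "$6$" prefixes and bare DES salts and rejects anything outside [a-zA-Z0-9./], including ':' and '\n'.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* The set crypt(3) documents for salt and hash characters. */
static bool is_salt_char(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '/';
}

/*
 * Validate a crypt(3) setting before passing it to crypt(3) or storing it:
 * "$1$salt", "$5$salt", "$6$salt" (SHA may carry "rounds=N$" first, and a
 * trailing "$hash" is ignored) or a bare two-character DES salt. True only
 * if every salt character is in [a-zA-Z0-9./], so ':' and '\n' are refused.
 */
bool salt_is_valid(const char *setting)
{
    const char *p = setting;
    size_t max_len = 2, n;   /* bare DES salt: exactly 2 characters */
    if (p == NULL || *p == '\0')
        return false;
    if (*p == '$') {
        /* "$1$" is MD5 (8-char salt); "$5$"/"$6$" are SHA (16-char salt). */
        if (p[1] == '1')
            max_len = 8;
        else if (p[1] == '5' || p[1] == '6')
            max_len = 16;
        else
            return false;
        if (p[2] != '$')
            return false;
        p += 3;
        /* SHA-crypt allows an optional decimal "rounds=N$" before the salt. */
        if (max_len == 16 && strncmp(p, "rounds=", 7) == 0) {
            size_t digits = strspn(p + 7, "0123456789");
            if (digits == 0 || p[7 + digits] != '$')
                return false;
            p += 7 + digits + 1;
        }
    }
    n = strcspn(p, "$");     /* salt ends at the next '$' or at NUL */
    if (n == 0 || n > max_len || (max_len == 2 && n != 2))
        return false;
    for (size_t i = 0; i < n; i++)
        if (!is_salt_char(p[i]))
            return false;
    return true;
}
```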