There's no reason to store the salt separate (in another variable) from the hashed result.
Maybe one is the crypt password, and the other is MD5.
Crypt hashes are short. MD5 hashes are long and you will see $ to designate that it is in fact MD5 and separated the salt from the hash.
Oh. Duh!
I must have read an incorrect explanation about encryption functions in dd-wrt in another thread. Thanks for clearing that up. _________________ WRT54G v3 - v24 r14471M NEWD Eko - AP
WRT350N v1.0
WRT600N v1.1 - halfway there!
Se7en is Darker...
No problem, it's easy to get mixed up with this stuff.
At this point I can't really remember if I reset the router after upgrading to SP1. I'm pretty sure I did, because I don't use the default password and dd-wrt asked me to change it on first boot.
But if you don't use default password and then upgrade without resetting, I think dd-wrt will automatically rehash it with MD5 and maybe store the old crypted password too. I could be wrong though..
Without a salt, if you run the same password through crypt or MD5 algorithm twice in a row, it will always produce the same result.
Using a salt prevents that. When you add salt to the equation, the same password hashed with different salt will likely produce two totally different results.
This helps prevent password cracking based on certain methods such as rainbow tables. And, when used properly, it also helps prevent someone from looking into the /etc/passwd or /etc/shadow files and see that two users have the same password.
Posted: Sat Oct 25, 2008 15:43 Post subject: Solved!
Hi everyone,
I changed my password in DD-WRT, and after that I wasn't able to log onto the gui anymore, but I still could telnet into the box. I managed to solve the problem, on my device at least.
What I did:
1. nvram get http_username
2. nvram get http_passwd
you'll get something like this back:
$1$Gx8FUhIl$.z7iEztD2uBp3ioztn22T1
The salt is: $1$Gx8FUhIl$
to get back the remaining part of the password/username I used a small script below:
(on an another linux box of course)
more test.php
#!/usr/bin/php
<?php
print crypt('admin', '$1$Gx8FUhIl$')."\n";
?>
If you start it you'll get something like this back:
$1$Gx8FUhIl$EBGajOJoX0pktF781blQ3.
Load this into your nvram (http_username+http_pass) and you should be able to log on to dd-wrt.
nvram set http_username='$1$Gx8FUhIl$EBGajOJoX0pktF781blQ3.'
nvram set http_passwd='$1$Gx8FUhIl$EBGajOJoX0pktF781blQ3.'
I also loaded it into newhttp_passwd I don't know if it makes sense.
After this you should be able to log on with admin/admin (user/pass).
Posted: Sat Oct 25, 2008 18:45 Post subject: Re: Default Password on whr-g54s dd-wrt24-sp1
deckardpt wrote:
any ideas?
You typed wrong. Or you didn't do the 30-30-30 reset after flashing.
telnet in and try those passwords... _________________ SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."