How to create an encrypted blank password with sha512

September 13, 2013

First let me explain why I want to do something like that. By the way at the bottom of this article is the one-liner which will do what you want. I just like to write a bit more for those who find it entertaining.

First of all, because it’s fun. So I’m a geek and my idea of fun may be a bit diluted, but finding out how to do it was fun. Secondly it’s just a tad more secure than having a blank in /etc/shadow which is just to easy to spot. And in the third place users with blank password can have annoying limitations. As it should be, I must admit.

And finally, which is actually the reason for having blank passwords in the first place, this computer is used by my little nieces and my mother and I don’t want to burden any of them with a password. Yes I can proudly say that my 9 year old niece has been using Linux for years. 🙂 Who says Linux is hard?

And to anyone having that prejudice I can only suggest trying to install windows by themselves, spend two days rebooting and updating (they go hand in hand) and fixing those annoying update problems and the accompanying incomprehensible error messages. Compare that with installing Linux, which would take you about an hour to have a fully functioning completely updated system with all the programs you need and just those and all of that without needing to have any technical knowledge, provided you choose an easy distribution like Ubuntu or one of its derivatives.

Sorry for my rambling, but I just spend a weekend installing a laptop with a messed up recovery, for which I needed to download the windows aik, burn a windows recovery disk on another pc and use the terrible Microsoft command prompt. And let’s not forget all those nice free programs on windows which all want to install other programs and tool bars you don’t need, or search engines that can’t find a single useful bit of information. And of course each time they update you’ll get the same, all for your convenience.

Enough about my frustration with Windows. So I knew it was possible to have a blank encrypted password, because I know Ubuntu did it. They may still do, but I don’t use it anymore since it wasn’t made for me. I make to many customizations and that doesn’t work well with doing an upgrade to a new version. Arch is my weapon of choice nowadays. Well anyway, let’s get back to the subject at hand.

All the password are stored in /etc/shadow, not the passwords themselves of course, but a salted hash. On this page I found a very good description of the file format. As it says in the comments, it explains a lot of aspects others overlooked. The next question was: “How does one create a salted hash?” To which I found the answer on serverfault. That’s all just nice and fine but I wanted the salt to be random, so that each of my users would have a ‘unique’ password, at least by the look of it, in /etc/shadow. Which meant I needed a random string. That’s where this page helped out.

Combining all that information into one line, you’ll get:


python2 -c 'import crypt; print crypt.crypt("", "$6$'$(date +%s | sha256sum | base64 | head -c 8)'")'

Just copy and paste the line above to your terminal and it will output a random encrypted blank password. This should output something like this:
$6$ZjA1OGQ3MjQyYTY3$LhiJVq8kq9ezxbHjeElvCb8q.99UUFKinNij6eeV.F.NGH4Kw2hHDS6VYVDNwJm66wpxsPYjIoVrVWAOKVJcp/

Pretty nifty, ain’t it? Don’t get mislead by the sha256sum. It’s just for creating the random salt. Python does the encryption and “$6$” means it’s sha512, which is the standard nowadays. Since it’s in python 2, I had to change python from the original post to python2. It might be named differently on your distribution, but that’s how it’s called on Arch. All you need to do now is open /etc/shadow and paste the output string into it. I presume you know how to do that. Otherwise, just follow the link above and read that post.

Advertisements

How to switch from alsa to OSSv4

July 25, 2009

I’ve recently switched from alsa to OSSv4 on my linux box and I find the difference in quality amazing. I can now hear details in the music I did not hear before on my laptop. And as a nice side effect it solved a problem I’ve had with flash for a long time. After using firefox for several hours, sound in flash started to stutter and the only way to solve that was to restart firefox.

First of all, I’m using ubuntu 9.04 (Jaunty Jackalope) 32-bits with kernel 2.6.28-13-generic. I have a built in HD audio (ICH6 family). I never had any problems with alsa or pulse, though I removed pulse not long after installing, since I did not see the benefit of it.

benefits, drawbacks and popular misconceptions

beneftis

  • Better sound quality.
  • Mixing is done within kernel space, meaning lower latency
  • drawbacks

  • Your card may not be supported
  • midi is not supported yet.
  • sound recording on generic usb sound devices is not yet implemented, and support for those devices is still considered experimental.
  • popular misconceptions

  • Some people seem to believe OSS is a security risk, since it does mixing within kernel space. However, I’ve seen none of them explain why this would be so.
  • How to install OSSv4

    Before you begin.

    Install libasound2-plugins. Just open a terminal and type:
    sudo apt-get install libasound2-plugins
    Make sure your soundcard is supported.
    Here’s the list of currently supported cards.
    If you ever created a custom config file for alsa back it up and remove it. Since I know what kind of hell it is, to write one of those I would not want you to loose the work it took to create one. If you don’t know what I mean, just type.
    ls ~/.asoundrc
    ls /etc/asound.conf
    If both commands show nothing, consider yourself lucky you never had to create a custom configuration for alsa.
    Otherwise use sudo mv to move them to a back-up position.

    installation

    Go to the 4-front-tech website.. Click on download in the menu on the left. clik on the opensound logo (the big one on the left), choose Linux 2.6 (x86) (DEB), since this is a guide for ubuntu. If you have a 64 bit version of linux installed, choose the amd64 version instead. Now press submit and you will be provided with two download links. A installer deb and a pdf with instructions. Download them both.

    Reboot, press esc to enter the grub menu and choose the second option, start in recovery mode. Next choose a root prompt, either with or without network access. Use cd to go to the location where you downloaded OSS to and use dpkg -i to install it.
    I created a directory snd in my home directory and my username is tin. So here’s how it looked on my pc.

    cd /home/tin/snd
    dpkg -i oss-linux*

    Reboot and OSS is up and running.

    Troubleshooting

    general

    First to see if everything is working, open a terminal and type:
    lsmod | grep oss
    in my case, it shows:

    oss_usb 117132 3
    oss_hdaudio 143076 7
    osscore 561844 4 oss_usb,oss_hdaudio

    This means I have hd audio sound card and one or more usb-ports, where I could attach a usb sound device to. If you only see the usb_audio device and not your internal card, just reboot and uninstall. If you’ve experienced the superior sound quality on a different machine and you’re disappointed that your hardware is not supported. Please go to the oss forum for help.

    Both the arch and the opensound wiki show how to create the following configuration in /etc/asound.conf or ~/.asoundrc

    pcm.!default {
    type oss
    device /dev/dsp
    }
    ctl.!default {
    type oss
    device /dev/mixer
    }

    I would strongly advice against doing so. Most applications support both the oss and the alsa api. Since the kernel developers switched from alsa to oss, when oss became closed source in the past, alsa became the standard for most applications. This would mean your applications will use the alsa api to output to oss, instead of using oss directly. I also had the problem, that I was no longer able to play anything on 44.1 kHz, since my sound card is set to use 48kHz.

    gstreamer (and system sounds)

    Gstreamer is the backend used by totem 1 (aka movieplayer), banshee and songbird. It is also used in the gnome-desktop to play system sounds.
    Normally this is set correctly by the installer. Unless you’ve done changed the setting manually you would not need to change this.
    To set the sound output correctly, open gstreamer-properties from a terminal.
    Choose custom for both input and output, then osssink as output and osssource for input. (notice the 3 esses in both cases)
    gstreamer-properties

    flash

    If you have no sound in flash, check that there’s only one file called libflashsupport.so on your system and it links to the proper file.

    ls /usr/lib/libflashsupport.so -al
    lrwxrwxrwx 1 root root 38 2009-07-22 00:05 /usr/lib/libflashsupport.so -> /usr/lib/oss/lib/libflashsupport_32.so
    sudo updatedb
    locate libflashsupport.so
    /usr/lib/libflashsupport.so

    If you have more than one occurrence of libflashsupport.so remove them. If the files is not there or not linked correctly, this is how you can create a new symbolic link:
    sudo ln -s /usr/lib/oss/lib/libflashsupport_32.so /usr/lib/libflashsupport.so

    jack audio connection kit

    The only not working after installing oss, was jack.
    When I did a sudo jackd -h, it did not show oss as a sound-option, though it showed jack_oss.so in /usr/lib/jack/
    sudo ldconfig
    solved that.

    pulse audio

    Though pulse is rather unnecessary when using oss, this is how to activate it, according to the oss wiki.
    For pulse audio to work, you need to make a few adjustments.
    Open a terminal and enter:
    sudo gedit2 /etc/pulse/default.pa
    put a # in front of module-hal-detect
    uncomment the line with module-oss and add mmap=0 to it.
    if the line does not exist, add the following line to the end of the file.
    load-module module-oss device=”/dev/dsp” sink_name=output source_name=input mmap=0
    You should of course make a comment (a line starting with #) to document your changes. 😉

    uninstall

    Reboot and go to a terminal, like described in the installing procedure, and type:
    sudo apt-get purge oss-linux
    Also revert other changes you have made in the settings. If you haven’t changed anything, your system should be back in the state it was before.

    Some notes

    resources

    The opensound wiki
    the arch wiki
    sound in linux not so sorry after all
    Please note that both wiki’s provide more information about settings for different applications. I only provided the ones I considered standard.

    footnotes

    1. There is of course also a totem version with xine as a backend.
    2. If you don’t use gnome, replace gedit by kate for kde, mousepad for xfce, leafpad for lxde or nano if you prefer to edit within the terminal.

    version history

    1.0 created 25/7/2009

    disclaimer

    If you find anything incorrect in this tutorial, please notify me. You can do so by commenting in the thread. If this was helpful to you and you like OSS, it would be nice to let me know, by placing a comment. 🙂 This is not a support forum. If you would like some help and you use ubuntu, create a thread in the ubuntu forums, and post a link here. Any additional information, like special settings for specific hardware would also be appreciated. If you’re missing something, you are also very welcome to write a request.

    It may take some time, before I approve your comment. If you want to start a discussion wetter oss is better/worse than alsa, do it elsewhere and just post a link here. If I think your comment is inappropriate I’ll delete it after reading. This doesn’t mean you are not to allowed to post negative experiences if you’ve had them. Just don’t use inappropriate language. If it’s your hobby to insult people, just go yell at your friends and tell them what kind of morons they are, for an even better experience I’d advice total strangers in a public place, preferable ones a bit bigger than you and looking not too bright. Here however is not the place to do so.

    March 16, 2009

    I was reading a bit about BeOs, which I tested and loved more than ten years ago, just before they ceased to exist. Such a shame all their work is lost and others have built a new OS on the API, which is now more or less usable for every day use. The new version is called haiku. That is at the moment. There have been some name changes, stopped projects, others back on it etc, etc. Anyway I’m posting this, because one of the great features was the webbrowser which showed error messages in haiku form. Read them here.Errormessages were a lot more common then. At least in my experience. Showing a haiku is a lot less frustrating than 404.

    post secret

    February 18, 2009

    I know it’s old, but it’s still great. Post secret started a couple of years ago by an unknown artist who spread 3000 postcards with his own address on it, and asked people to write their biggest secret on it. A few months later his house was filled with postcards and they kept coming. Now, after a couple of years, people are still sending him postcards. He has made several books with collections and he has a blogsite, which is regularly updated with new cards. The cards are selected and ordered in a way, which will give you the impression a small story is being told to you. Just check it every now and then and let it touch you.

    EDIT: Not everybody is fond of post secret.

    funny updates

    February 10, 2009

    Today, one of the updates of xubuntu showed a “tips on startup”-window for my desktop, whith an extra fortune option. This is one of the fortunes which made me smile. 🙂

    A Tale of Two Cities LITE(tm)
    — by Charles Dickens

    A man in love with a girl who loves another man who looks just
    like him has his head chopped off in France because of a mean
    lady who knits.

    Crime and Punishment LITE(tm)
    — by Fyodor Dostoevski

    A man sends a nasty letter to a pawnbroker, but later
    feels guilty and apologizes.

    The Odyssey LITE(tm)
    — by Homer

    After working late, a valiant warrior gets lost on his way home.

    Passive aggresive notes

    February 10, 2009

    A weblog about all kinds of passive (and just plain) aggressive notes. Sometimes they can be quite funny.

    Art

    N.A.S.A.-The Spirit of Apollo

    January 26, 2009

    Today I stumbled upon this upcoming(February 17th) album:

    For more info and to hear some tracks, check their myspace

    speed up ubuntu

    January 22, 2009

    I’ve found a few post about speeding up linux, which looked promising:

    http://howto.wired.com/wiki/Speed_Up_Linux
    http://tuxtraining.com/2008/09/28/how-to-make-ubuntu-extremely-fast

    rechtszaak Geert Wilders

    January 22, 2009

    Vandaag zag ik bij “De Wereld Draait Door” dat er een rechtszaak tegen de uitspraken van Geert Wilders gaat komen. Ik was net even de reacties hierop aan het lezen op de Limburger. En ik moet zeggen dat ik mij toch verbaasde over de stupiditeit van de Nederlandsche politici, als ik de bronnen daar mag geloven. De enige zinnige uitspraak komt van GroenLinks : “De politiek moet zich niet bemoeien met de gerechtelijke uitspraak over een rechtszaak tegen Geert Wilders.”

    Ligt niet aan de basis van onze rechtsstaat de scheiding tussen de 3 machten (de wetgevende, de uitvoerende en de rechterlijke)? Op het moment dat iemand verdacht wordt van het schenden van wetten, dan dient hij vervolgd te worden. De rechter moet dan beslissen of hij schuldig is of niet. Of diegene nu een politicus is of niet, dat doet daarbij niet ter zake. En de rechterlijle macht heeft vandaag besloten dat Geert Wilders vervolgd dient te worden. Dit besluit is door 3 rechters genomen. In de uiteindelijke zaak zal zijn schuld of onschuld dan wel gaan blijken.

    Allerlei politici beroepen zich op de vrijheid van meningsuiting. Het klopt dat dit een van onze grondrechten is. En dit is natuurlijk ook een belangrijk recht. Maar hier zijn wel grenzen aan gesteld. Je mag bijvoorbeeld ook niet zeggen, dat je vindt dat ze  Geert wilders een kogel door zijn kop moeten schieten. En terecht natuurlijk, dat dit niet mag. Dat is aanzetten tot haat en een doodsbedreiging. Vreemd genoeg hoor ik mijnheer Wilders dan niet roepen over vrijheid van meningsuiting.

    In zijn reactie vandaag zag ik hem ook nogmaals herhalen dat hij de Koran vergelijkbaar vindt met het boek “Mein Kampf.” Nu ben ik beter bekend met de bijbel en niet zo goed met de Koran, omdat ik die niet zo makkelijk leesbaar vond. Wel weet ik dat in mijn vertaling (ja ik weet dat dit door sommigen als heiligschennis beschouwd wordt, maar ik spreek nu eenmaal geen Arabisch) op de eerste bladzijde staat, dat Christenen, Joden of zelfs heidenen die goed leven, zoals Allah van ons wil, even goed zijn als goede moslims, met de kanttekening erbij dat dit vaak niet het geval is. (Iets wat gezien de persoonlijke ervaring van de profeet Mohammed met Joden en Christenen een heel begrijpelijk standpunt is.) Maar die vorm van tolerantie voor andere godsdiensten ben ik de bijbel nooit tegengekomen.

    Sterker nog, als je brieven van de apostelen leest of de geschiedenis van het beloofde land in het Oude Testament, dan is er een duidelijke intolerante houding ten opzichte van andere geloven. Kanaan was een land waar andere volkeren leefden, toen de joden uit Egypte kwamen. Op gruwelijke wijze zijn vervolgens al die verschillende stammen afgeslacht. Ik kan mij natuurlijk vergissen, maar volgens mij noemen wij zoiets genocide. En hoewel hier in het Nieuwe Testament geen sprake van is, spreekt uit de brieven van de apostelen een duidelijke afkeer tegen de wijze waarop het er in sommige gemeenschappen (waar de brief aan gericht is) aan toegaat en wordt mij als lezer niet altijd duidelijk wat hier exact de reden van is. Betekent dit dat we de bijbel ook als facistisch boek moeten beschouwen?

    Dit lijkt me niet de conclusie die we moeten trekken. Het is waar dat een godsdienstig boek misbruikt kan worden, door bepaalde passages eruit te pikken en hier een eigen interpretatie aan mee te geven. En deze extremistische uitwassen, of ze nu uit de christelijke, joodse of islamitische hoek komen, moeten aangepakt worden en bestraft. Zou dit het standpunt van Geert Wilders zijn, dan zou ik hem gelijk geven. Wat ik echter zie, is dat hij alle moslims over een kam scheert en het geloof op zich aanvalt. Hij maakt zich er dan wel met een slap excuus van af, dat hij niet tegen de gelovigen (de moslims) heeft, maar wel tegen het geloof. Hoe hij dit onderscheid wil zien is mij niet duidelijk. Ik zie het als een aanval op een bevolkingsgroep, de mensen met een arabisch uiterlijk, die hij verhult met eufemistich taalgebruik en zodoende aanzetting tot haat. Maar de rechter zal oordelen, zoals het hoort in onze rechtsstaat.

    3th person point and click adventures

    January 21, 2009

    I totally love the classic 3th person point & click adventures, since the days of Larry 1 and Monkey Island. I’ve played all the games I could get in the genre, there have been just a few games which I didn’t finish till the end. They must be really really bad for me not to finish them. Of all those games I’ve played I’ve only found a few remarkable. So today will be about those gems, which I thought stood above the rest. Of course I loved the Monkey Island series. They were fun, particularly because of the weird humor and I actually liked and played all Lucas Arts adventures. They’re good, but not the best.

    The best and most compelling adventure I ever played would be “The longest journey” Man, what a story, It’s revolving around you and you don’t know where it will lead to untill it ends. You start as an art school student with weird dreams and a really strange old man outside your student house, who knows about your dreams and you end up saving the world in a parallel universe. The main character is a sweet but very sceptical girl, which brings a bit of humor into the story and you comprehension of the world (the world of the adventure you’re in) slowly changes and she has a very hard time accepting that. Great puzzles, mostly logical and a few references of the classics they loved, like a rubber chicken with a pully from Monkey Island and you can buy a flute, which plays the melody of the bird in KQIV (if my memory serves me right). Great voice acting, and rather good facial expressions.

    Speaking of Kings Quest, I found part IV and especially part VII the best. Part IV is one the first with different ways to solve the adventure, a short path and a long one. And part VII is like a Disney story, complete with title song and ending song. It’s also just as colorful and romantic as the old Disney stories. Just wonderfull. If you’re a KQ-fan I can also advise de fanware remake of KQII, by Tierra Studios. They’ve created VGA-graphics, added puzzles and changed the story to make it more logical and best of all you can download it for free :). KQ is one of the best series of Sierra, not that lame humor found in the Larry and Space Quest series.

    Gabriel Knight though is an even better series, renewing their technique in every game. The first one is a classic point and click, the second one uses small movies to tell the story and the third one uses a 3D engine. The compelling thing about the games is the story though, each game takes a paranormal theme (first voodoo, next werewolfs and the third is about vampires) And you’re the hero who has to solve the mystery and get the bad guys, doing a lot of research in the game to learn about your subject. Doing the research is a part which really helps in feeling involved in the games.

    Another great series is from Revolution, the broken sword series, with the 3th one being the best. The first two are in the classic 2D, semi 3D perspective. The 3th one is 3D and has semi-action sequences. The semi action, makes it not too hard for hardcore adventurers like me, but still gives you the feeling of being more involved in the game. And it has some quite good voice acting.

    I’m getting tired of writing, so I’ll end this article with just one more great game. It’s an action adventure with 3D shooter sequences and streetfighter like fighting in the game. They’re not too hard though, since even I could finish them. It’s the one of the few games, I’ve finished without hardly consulting a walkthrough. Not that it was so easy, but it just was logical enough and gave you enough hints to continue. But let me tell you the name of the game: Omikron: The Nomad Soul. Another great extra in the game is the David Bowie music. In each level you can go to a show of a band, which plays one of the Bowie songs, written specially for the game. In the beginning of the game, there is an Omikronian policeman asking you, to leave your dimension and put your soul in his body, to help to save their world. There you start, not knowing who and where you are in a world you know nothing about and slowly start to find out what’s going on around you. As you progress in the game, you keep discovering, that things are different from what you thought and learned before.