Reputation: 870
Hello, I want to make a script that hashes passwords and compares them with the ones inside /etc/shadow... But I have one hitch:
The passwords in /etc/shadow usually get a strange and unique hash salt every time a new user is created. How can I generate a similar hash using the same password?
To be able to have identical passwords, the one I have and the one in the shadow file.
I have tried using Perl, Python and mkpasswd, all without matching it. In particular, where does the salt come from and can I change it?
Upvotes: 0
Views: 2805
Reputation: 55
The salt would be randomly generated for each username. How exactly the random salt is generated is not clear.
However, once the salt is generated by the PC, the user-supplied PASSWORD is suffixed with the salt value and hashed many times with a suitable hashing algorithm to generate a hash value which gets stored in /etc/shadow.
E.g. In modern Linux/Ubuntu, SHA-512 is typically used as a hashing algorithm. So, if you retrieve the SALT from /etc/shadow, then the hashed password can be generated as shown in the command-line snippet below:
mkpasswd -m sha-512 -S SALT -R 5000 PASSWORD
In the snippet above, if you know the random SALT generated by the system for the user (available in the /etc/shadow file) and the user-supplied PASSWORD, mkpasswd can calculate the hashed password which is stored in /etc/shadow for you. The default number of times the SHA-512 algorithm is applied is 5000. mkpasswd is available in the package whois, so you can run the following command to install the tool on Linux:
sudo apt-get install whois
Upvotes: 0
Reputation: 3310
The algorithm is described at:
* http://en.wikipedia.org/wiki/Crypt_%28C%29
or, as you use Perl:
* http://perldoc.perl.org/functions/crypt.html
The first couple of chars in the hash are the "salt", based on random characters, which is used to produce different hashes for the same password to make rainbow table attacks harder. The 13-character-long DES-based hashes have exactly two characters as salt.
To verify a password use:
if (crypt($plaintext, $hash) eq $hash) { print("OK"); }
Upvotes: 1
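Added example, not code from the question or from either answer above. It shows in one place what both answers describe: the first answer's point that the salt (and rounds count) must be taken from the stored `$6$` field and fed back into the same algorithm, and the second answer's `crypt($plaintext, $hash) eq $hash` verification idiom. Rather than calling `mkpasswd` or a `crypt()` binding, it reimplements SHA-512-crypt from Ulrich Drepper's SHA-crypt specification (the algorithm glibc's crypt(3) and `mkpasswd -m sha-512` use) so the salt handling is visible. The function names `sha512_crypt`, `parse_field`, `verify`, `new_field` and `check_shadow_line` are my own; the shadow line at the bottom is constructed for the example, with its hash being the published test vector from the specification rather than a real account.

```python
"""SHA-512-crypt ("$6$") in pure Python, the scheme behind modern /etc/shadow.

Added example; not code from the question or either answer. It implements
Ulrich Drepper's SHA-crypt specification, which is what glibc's crypt(3)
and `mkpasswd -m sha-512` compute, so the role of the salt and the rounds
count is visible instead of hidden inside a library call. Everything here
runs offline; the shadow line at the bottom is constructed, not a real
account.
"""
import hashlib
import hmac
import re
import secrets
from typing import Optional, Tuple

# crypt(3)'s own 64-character alphabet (it is not RFC 4648 base64).
B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS_DEFAULT, ROUNDS_MIN, ROUNDS_MAX = 5000, 1000, 999_999_999
SALT_MAX = 16  # glibc silently truncates longer salts

# Order in which the 64 digest bytes are emitted, 3 bytes -> 4 characters.
# Row k is (k, k+21, k+42) rotated left by k mod 3; byte 63 comes last on
# its own. This reproduces the table hard-coded in glibc's sha512-crypt.c.
_ORDER = [tuple((k, k + 21, k + 42)[(j + k) % 3] for j in range(3))
          for k in range(21)]


def _repeat_to(block: bytes, length: int) -> bytes:
    """Whole 64-byte copies of block, then a prefix of it (spec steps 9-10, 16, 20)."""
    return block * (length // 64) + block[: length % 64]


def _encode(digest: bytes) -> str:
    out = []
    for i2, i1, i0 in _ORDER:
        w = (digest[i2] << 16) | (digest[i1] << 8) | digest[i0]
        for _ in range(4):
            out.append(B64[w & 0x3F])
            w >>= 6
    w = digest[63]
    for _ in range(2):
        out.append(B64[w & 0x3F])
        w >>= 6
    return "".join(out)


def sha512_crypt(password: bytes, salt: str, rounds: Optional[int] = None) -> str:
    """Return '$6$[rounds=N$]salt$hash' exactly as crypt(3) would store it."""
    custom = rounds is not None
    rounds = min(max(rounds if custom else ROUNDS_DEFAULT, ROUNDS_MIN), ROUNDS_MAX)
    salt_b = salt[:SALT_MAX].encode()
    n = len(password)

    digest_b = hashlib.sha512(password + salt_b + password).digest()
    a = hashlib.sha512(password + salt_b)
    a.update(_repeat_to(digest_b, n))
    bits = n
    while bits:  # one update per bit of len(password), lowest bit first
        a.update(digest_b if bits & 1 else password)
        bits >>= 1
    digest_a = a.digest()

    # P and S: password-length and salt-length byte strings derived from the inputs
    p = _repeat_to(hashlib.sha512(password * n).digest(), n)
    s = _repeat_to(hashlib.sha512(salt_b * (16 + digest_a[0])).digest(), len(salt_b))

    # The expensive part: `rounds` chained SHA-512 computations (5000 by default).
    c = digest_a
    for r in range(rounds):
        h = hashlib.sha512()
        h.update(p if r & 1 else c)
        if r % 3:
            h.update(s)
        if r % 7:
            h.update(p)
        h.update(c if r & 1 else p)
        c = h.digest()

    prefix = "$6$rounds=%d$" % rounds if custom else "$6$"
    return prefix + salt_b.decode() + "$" + _encode(c)


_FIELD_RE = re.compile(r"^\$6\$(?:rounds=(\d+)\$)?([^$]{1,16})\$([./0-9A-Za-z]{86})$")


def parse_field(field: str) -> Tuple[Optional[int], str, str]:
    """Split a stored $6$ field into (explicit rounds or None, salt, encoded hash)."""
    m = _FIELD_RE.match(field)
    if not m:
        raise ValueError("not a SHA-512-crypt field: %r" % field)
    rounds, salt, digest = m.groups()
    return (int(rounds) if rounds else None), salt, digest


def verify(password: bytes, field: str) -> bool:
    """The crypt(plaintext, hash) == hash idiom: reuse the stored salt and rounds."""
    rounds, salt, _ = parse_field(field)
    candidate = sha512_crypt(password, salt, rounds)
    return hmac.compare_digest(candidate.encode(), field.encode())


def new_field(password: bytes, rounds: Optional[int] = None) -> str:
    """What useradd/chpasswd do: draw a fresh random salt from crypt's alphabet."""
    salt = "".join(secrets.choice(B64) for _ in range(SALT_MAX))
    return sha512_crypt(password, salt, rounds)


def check_shadow_line(line: str, password: bytes) -> Tuple[str, bool]:
    """Check one /etc/shadow line; field 2 is the hash (or a lock marker)."""
    user, field = line.split(":", 2)[:2]
    if not field or field.startswith(("!", "*")):
        return user, False  # locked or passwordless account; never matches
    return user, verify(password, field)


# Constructed sample line (hash is the test vector from Drepper's spec, not a real user).
SAMPLE_LINE = ("alice:$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJ"
               "uesI68u4OTLiBFdcbYEdFCoEOfaS35inz1:19000:0:99999:7:::")

if __name__ == "__main__":
    print(check_shadow_line(SAMPLE_LINE, b"Hello world!"))  # ('alice', True)
    print(check_shadow_line(SAMPLE_LINE, b"hello world!"))  # ('alice', False)
    print(new_field(b"Hello world!"))  # fresh salt, so a different string every run
```

Two practical caveats for a script like the one asked about. Reading /etc/shadow needs root, and the field format tells you which algorithm to recompute: `$1$` is MD5-crypt, `$5$` SHA-256-crypt, `$6$` SHA-512-crypt as above, and newer Debian/Ubuntu releases default to `$y$` (yescrypt), which this code deliberately rejects in `parse_field` rather than guess at. The salt is simply random characters chosen by the tool that set the password (`useradd`, `passwd`, `chpasswd`), so there is nothing to "change" on the system side; to reproduce a stored hash you copy the salt and rounds out of the stored field, which is exactly what `verify` does.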