Reputation: 653
crypt(3) $6$ password hash algorithm (based on SHA-512) in Java?
I'm looking for a Java function to generate/verify password hashes that were encoded in the way crypt(3) does when storing them in the Linux "/etc/shadow" file if sha512 is activated in "/etc/pam.d/common-password".
The plaintext string "geheim" will translate to:
"$6$WoC532HB$LagBJ00vAGNGu8p9oeYDOSNZo9vTNTzOgPA.K0bJoiXfbcpj3jBuTkNwdzCrSNadRi8LanH1tH6tGGPPp/Lp3."
From http://www.akkadia.org/drepper/SHA-crypt.txt I understand that, like with MD5, it's not just a SHA hash like DigestUtils or the Java MessageDigest classes produce but an algorithm that does a bit more magic.
Upvotes: 7
Views: 34659
Answers (3)
Reputation: 3181
Take a look on Apache Commons Codec Digest
Also jBCrypt you may find useful.
In this article Modular Crypt Format or, a side note about a standard that isn’t a lot of details of Crypt3 format.
Upvotes: 3
Reputation: 653
I found Java implementations for all the new crypt() algorithms here: ftp://ftp.arlut.utexas.edu/java_hashes/
Upvotes: 5
Reputation:
The othe question you refer to only provides links to the traditional crypt(3) method based on DES and the "$1$" method based on MD5. I need to check passwords that use the "$5$" method that is based on SHA-1 or even the "$6$" method that is based on SHA-512.
Based here means that crypt(3) uses e.g. SHA-512 but adds a salt value and does several iterations as described on http://www.akkadia.org/drepper/SHA-crypt.txt
Upvotes: 0
Related Questions
- SHA-512 hashing with Java
- How to hash a password with SHA-512 in Java?
- How can I decrypt SHA-512 hash code using salt?
- SHA-512 not supported by Java?
- How can i use the same sha512 of c# in java
- SHA2 password hashing in java
- Java Sha-512 Message Digest with salting not matching linux shadow file hashed passwords
- Is my implementation of Salting and SHA-512 hashing passwords correct/secure?
- Use SHA-512 and salt to hash an MD5 hashed password?
- Library providing various hash algorithms (MD5, SHA1, SHA256, etc) in Java?