Re: generating linux passwords using openssl

[Danny Sauer <sauer@cloudmaster.com>]

On Sun, Apr 29, 2001 at 05:06:04AM -0500, charles@lunarmedia.net wrote:
> i'm messing around with taking a plain text password and running
> 
> 	openssl passwd -salt <characters> <passphrase>
> 
> to compare the outcome with entries in my /etc/shadow file. the output i
> am seeing from this command is very different from the output i see in
> /etc/shadow.
> 
> for example, in /etc/shadow, i see:
> 
> 	test:$1$1pqC/5DL$d/xHPgKHEilQeSqcArGNP0
> 
> test is a user whose passphrase is "charles"
> 
> i think that the salt for this password is "$1$" (the first three
> characters, right?)
> 
> when i run:
> 
> 	openssl passwd -salt $1$ charles
> 
> i get:
> 
> 	$AdaOyvpHrybM
> 
> which is considerably different. the only options i see for encryption
> methods under openssl are -apr1 for md5 and -crypt which is the default
> and is standard unix encryption.
> 
> why such a difference in the two hashes?

For one thing, if you ran that on the command line, the $1 was probably
replaced with the value of the $1 variable - you might want to try using
single quotes around the salt...  You might also want to use the -apr1
switch to get those really long MD5 password thingies instead of the 8+2
"regular" crypt() output as well.

I'm partial to the command line

echo pass | perl -ple'@a=(A..Z);$s=$a[rand(26)].$a[[rand(26)];$_=crypt($_,$s);'

myself, but then, that's just me using Perl everywhere... :)

--Danny
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.