LinuxQuestions.org
Old 12-11-2004, 07:24 PM   #1
student04
Member
 
Registered: Jan 2004
Location: USA
Distribution: macOS, OpenBSD
Posts: 669

Rep: Reputation: 34
command to create encrypted password


Is there a command that I can enter to the console to create the encrypted version of my password as it is in /etc/shadow? The encryptions in my /etc/shadow start with $1$ and are 34 characters in length.

I know that
Code:
echo -n "password" | md5sum | cut -d ' ' -f 1
will create an md5sum hash.. but when I entered my password there it didn't come out to be the same. My question is: is there a command like above that can recreate the encrypted version of my password as it looks in /etc/shadow?

Thanks.

Last edited by student04; 12-11-2004 at 07:27 PM.
 
Old 12-11-2004, 07:38 PM   #2
bostontech
LQ Newbie
 
Registered: Dec 2004
Location: Boston
Distribution: all
Posts: 23

Rep: Reputation: 15
To answer this you need to know about "salted" secure hashing algorithms.
From www.securitytechnique.com:
To avoid the dictionary attack, modern systems will prepend a "random salt" to a password before applying the hash function. The salt is stored, unencrypted in the password database along with the salted and hashed password.

The password generation process using salted hashes looks like this:

1. Prompt the user for a password.
2. Generate a random salt (i.e.- a random string of bits.)
3. Prepend the salt to the password.
4. Hash the salted password.
5. Store the salt and the salted password in the password database.

The process of checking the password is now:

1. Retrieve the user's salt from the password database.
2. Prompt the user for a password.
3. Append the password to the salt.
4. Hash the salted password.
5. Compare the result from step 4 with the salted password in the password database.

The purpose of the salt is to increase the number of "dictionary entries" for each password. When storing a non-salted hashed password, an attacker would only have to pre-calculate one hashed password for each password to populate his dictionary. With salted passwords, the attacker would have to create a dictionary entry for each pair of salt values and common words.



Boston Tech

Last edited by bostontech; 12-12-2004 at 10:50 AM.
 
Old 12-12-2004, 12:56 AM   #3
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
student04 You should read a modern man page for crypt(3) for a good understanding of how the passwords in shadow are stored.

bostontech You should read a modern man page for crypt(3) as your explanation doesn't cover md5/blowfish, and it's not really correct anyway. Figuring out the salt isn't too terribly difficult since it is (and always has been) stored in plaintext in the password/shadow file with the crypted string.

To answer the question, you have to have the salt out of the password file. So, let's assume you do. Let's say the password field out of shadow is
Code:
$1$R.bKJ.24$p4exiX8dbFK9.
Ok, so this is an md5 crypted password, and the salt is R.bKJ.24 (the dollar signs are separators). The rest of the stuff is the crypted password. So ... Let's try this.

Code:
Escaped for tcsh, so you may have to adjust it for bash

perl -e 'print("\$1\$R.bKJ.24\$" . crypt("\$1\$R.bKJ.24\$", "p455w0rd" ) . "\n");'
Output should match the password field in shadow.

Make sense?



Last edited by sigsegv; 12-12-2004 at 01:23 AM.
 
Old 12-12-2004, 08:27 AM   #4
bostontech
LQ Newbie
 
Registered: Dec 2004
Location: Boston
Distribution: all
Posts: 23

Rep: Reputation: 15
The post was to really just let the user know why the entries in /etc/shadow look that way, and an intro to the concept of using salted values. If you really want to understand the concept you need to learn about it first and not just give someone the answer. Remember the saying "Give a man a fish and he eats for one day, but teach a man to fish and he'll eat for a lifetime".
 
Old 12-12-2004, 09:27 AM   #5
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
Yes, I think I've heard that somewhere... I guess if you want to look at it like that, I gave a fish *and* a fishing pole, but whatever.

Also, posting copyrighted material without at least mentioning the author is generally looked down on.
 
Old 12-12-2004, 03:19 PM   #6
student04
Member
 
Registered: Jan 2004
Location: USA
Distribution: macOS, OpenBSD
Posts: 669

Original Poster
Rep: Reputation: 34
I've changed my password so that I can post what the line looks like:
Code:
alex:$1$jVPltO5Q$HLsCM3KAPrvqfLrwVoUEr.:12764:0:99999:7:::
My salt would be jVPltO5Q and the encrypted password would be HLsCM3KAPrvqfLrwVoUEr., correct? The password I changed it to is password. Though,
Code:
[alex@localhost alex]$ perl -e 'print("\$1\$jVPltO5Q\$" . crypt("\$1\$jVPltO5Q\$", "password" ) . "\n");'
$1$jVPltO5Q$paOQ/SOME/Zw2
[alex@localhost alex]$
My encryption has a longer string stored in /etc/shadow, so something has to be adjusted.. I will read the link you posted and see what I can come up with.

Thanks.

Last edited by student04; 12-12-2004 at 03:20 PM.
 
Old 07-14-2013, 02:27 AM   #7
rkoushik
LQ Newbie
 
Registered: Jul 2013
Posts: 1

Rep: Reputation: Disabled
crypt("password", "salt")

I know this is an old topic, but since it was left open-ended, I thought I could put in the right info.
The crypt function takes the first argument as the password and the second as the salt,
so it should have been
perl -e 'print("\$1\$jVPltO5Q\$" . crypt("password", "\$1\$jVPltO5Q\$") . "\n");'
whose output is "$1$jVPltO5Q$$1$jVPltO5Q$HLsCM3KAPrvqfLrwVoUEr."
It matches the shadow file entry shared by student04.

==========
alex:$1$jVPltO5Q$HLsCM3KAPrvqfLrwVoUEr.:12764:0:99999:7:::,
==========
 
Old 07-14-2013, 12:16 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Code:
_why_use_fixed_salt_if_you_can_use() { openssl passwd -salt $(openssl rand -base64 6) -noverify ; }
 
Old 09-15-2013, 08:44 PM   #9
jdpond
LQ Newbie
 
Registered: Aug 2011
Posts: 2

Rep: Reputation: Disabled
Some More Detailed (works in RHEL)

I found this thread useful and it pointed in the right direction, but specifically I was trying to update accounts on multiple servers without sending the password (only sending the hash).

The steps are:
  1. Generate an SHA512 password hash usable as a password hash by login
  2. Set the "youruserid" user password to be that hash using the chpasswd command.

Assumptions:
  1. Machine on which you generate has Perl and OpenSSL installed
  2. Destination Machine has chpasswd

This will prompt you for a password without echoing it to the screen or putting it into your history file and store it. The -e option tells chpasswd you have already encrypted/hashed the password.
Code:
echo "youruserid:$(source createpass.sh)" | sudo chpasswd -e
If you were going to put it onto another machine (or multiple users), you could generate the password hash using:

Code:
source createpass.sh
then put it to whatever user you wished as an already encrypted hash using:

Code:
sudo chpasswd -e
[whateveruseridyouwant]:[your already generated hash]
ctrl-d
or use the single line command:

Code:
echo [whateveruseridyouwant]:[your already generated hash] | sudo chpasswd -e
This script file (entitled createpass.sh for this exercise)
Code:
#!/bin/bash
# Create a SHA512 password hash using a randomly generated 16-character salt
#
# This hash can be used to change the user password using the command:
#     echo "youruserid:$(source createpass.sh)" | sudo chpasswd -e
#
# -s: no echo; -r: keep backslashes in the password as typed.
# The prompt goes to stderr, so only the hash reaches stdout inside $(...).
read -r -s -p "Password: " _password
# Keep only characters from the crypt salt alphabet [0-9A-Za-z./]
export _salt=$(openssl rand 1000 | strings | grep -o '[0-9A-Za-z./]' | head -n 16 | tr -d '\n')
export _password
# crypt(PASSWORD, "$6$SALT$"): password first, salt setting second
perl -e 'print crypt($ENV{_password}, "\$6\$" . $ENV{_salt} . "\$"), "\n"'
unset _password
unset _salt
 
  

