[lug] generating linux passwords using openssl

D. Stimits stimits at idcomm.com
Sun Apr 29 13:42:38 MDT 2001


charles at lunarmedia.net wrote:
> 
> i'm messing around with taking a plain text password and running
> 
>         openssl passwd -salt <characters> <passphrase>
> 
> to compare the outcome with entries in my /etc/shadow file. the output i
> am seeing from this command is very different from the output i see in
> /etc/shadow.
> 
> for example, in /etc/shadow, i see:
> 
>         test:$1$1pqC/5DL$d/xHPgKHEilQeSqcArGNP0
> 
> test is a user whose passphrase is "charles"
> 
> i think that the salt for this password is "$1$" (the first three
> characters, right?)
> 
> when i run:
> 
>         openssl passwd -salt $1$ charles

Someone already mentioned shadow passwords are via MD5 while crypt is a
different function. But here is another possible wrench in the
machinery: The "$1" can be interpreted as a shell substitution, and it
might not be passing it literally. $1 might end up being substituted as
the first argument of the command or a shell environment variable (which
in turn is probably empty). See if your results change when quoting or
escaping the "$".

> 
> i get:
> 
>         $AdaOyvpHrybM
> 
> which is considerably different. the only options i see for encryption
> methods under openssl are -apr1 for md5 and -crypt which is the default
> and is standard unix encryption.
> 
> why such a difference in the two hashes?

I would assume that anything via crypt() will always differ from an MD5
version. But if your MD5 appears to encrypt differently, perhaps it is
the shell playing tricks on you with "$" substitutions.

D. Stimits, stimits at idcomm.com
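
An added example, not part of the original thread: a POSIX shell sketch showing what a command actually receives for an unquoted versus a single-quoted `$1$`, and how the quoted /etc/shadow field splits into scheme id, salt and hash under the modular crypt layout `$id$salt$hash`. The function names are made up for this illustration, and the sample field is the one quoted above.

```shell
#!/bin/sh
# Constructed sample: the hash field from the /etc/shadow line quoted in the thread.
FIELD='$1$1pqC/5DL$d/xHPgKHEilQeSqcArGNP0'

# Print the first argument exactly as the shell delivered it.
as_received() { printf '%s' "$1"; }

# Unquoted: the shell expands $1 (empty here) and leaves only the trailing "$".
unquoted_salt() { set --; as_received $1$; }

# Single-quoted: no expansion takes place, the literal text is passed through.
quoted_salt() { as_received '$1$'; }

# Print one part (id, salt or hash) of a modular crypt field "$id$salt$hash".
# Returns 1 for anything else, e.g. a traditional crypt() hash with no "$" parts.
crypt_part() {
    field=$1
    part=$2
    case $field in
        \$*\$*\$*) ;;             # leading "$" plus at least two more separators
        *) return 1 ;;
    esac
    rest=${field#\$}              # drop the leading "$"
    id=${rest%%\$*}               # text before the next "$"
    rest=${rest#*\$}
    salt=${rest%%\$*}
    hash=${rest#*\$}
    case $part in
        id)   printf '%s' "$id" ;;
        salt) printf '%s' "$salt" ;;
        hash) printf '%s' "$hash" ;;
        *)    return 1 ;;
    esac
}

# Stand-alone demonstration of the results.
printf 'unquoted $1$ arrives as: [%s]\n' "$(unquoted_salt)"
printf 'quoted   $1$ arrives as: [%s]\n' "$(quoted_salt)"
printf 'id=%s salt=%s\n' "$(crypt_part "$FIELD" id)" "$(crypt_part "$FIELD" salt)"
```

The id `1` marks the MD5-based scheme, so the value to hand to `-salt` is the middle part, single-quoted, rather than the `$1$` prefix.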
