Using the glibc 2 library and the crypt() function to generate user passwords under Linux


Basic knowledge

Linux user passwords are produced by the crypt() function. crypt() is a cryptographic function for password encryption (it turns plaintext into ciphertext). It is based on the Data Encryption Standard (DES) algorithm and on other DES-based variants, and it does not rely on computer hardware to perform the encryption. The DES algorithm as used here is only suitable for encrypting strings, that is, for generating passwords, although there are many other ways to generate a password.

(1) About salt

Salt is a "random" string used to perturb the key. Its characters are drawn from the set abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./ and the minimum and maximum length vary depending on the encryption method. For more information, refer to other documents on the Web.

(2) Encryption policy

More precisely, the password entered into the system is just a key that opens a piece of encrypted content. It can be understood like this:

unique key + unique salt --> unique encryption, that is, a given key and salt always produce the same, single piece of encrypted content.

But the property we really want is:

unique encryption + unique salt !--> unique key, that is, the key cannot be recovered from the encrypted content and the salt.

(3) For background on glibc 2 and crypt, see man glibc and man crypt (sections 3 and 7 of the Linux Programmer's Manual), or search for related documents yourself.

(4) about the encryption method:

Both CentOS and Ubuntu encrypt passwords with the SHA-512 method, which corresponds to the number 6.

The other encryption methods are listed in the following C definition:

static const struct crypt_method methods[] = {
    /* method       prefix  minlen, maxlen  rounds  description */
    { "des",        "",     2,      2,      0,
        N_("standard 56 bit DES-based crypt(3)") },
    { "md5",        "$1$",  8,      8,      0, "MD5" },
#if defined OpenBSD || defined FreeBSD || (defined __SVR4 && defined __sun)
    { "bf",         "$2a$", 22,     22,     1, "Blowfish" },
#endif
#if defined HAVE_LINUX_CRYPT_GENSALT
    { "bf",         "$2a$", 22,     22,     1, "Blowfish, system-specific on 8-bit chars" },
    /* algorithm 2y fixes CVE-2011-2483 */
    { "bfy",        "$2y$", 22,     22,     1, "Blowfish, correct handling of 8-bit chars" },
#endif
#if defined FreeBSD
    { "nt",         "$3$",  0,      0,      0, "NT-Hash" },
#endif
#if defined HAVE_SHA_CRYPT
    /* http://people.redhat.com/drepper/SHA-crypt.txt */
    { "sha-256",    "$5$",  8,      16,     1, "SHA-256" },
    { "sha-512",    "$6$",  8,      16,     1, "SHA-512" },
#endif
    /* http://www.crypticide.com/dropsafe/article/1389 */
    /*
     * Actually the maximum salt length is arbitrary, but Solaris by default
     * always uses 8 characters:
     * http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/
     *   usr/src/lib/crypt_modules/sunmd5/sunmd5.c#crypt_gensalt_impl
     */
#if defined __SVR4 && defined __sun
    { "sunmd5",     "$md5$", 8,     8,      1, "SunMD5" },
#endif
    { NULL,         NULL,   0,      0,      0, NULL }
};

(5) An example from a Linux system can be found in the /etc/shadow file:

$6$yoursalt$005gz1.zsygebpp/u27h5ijan9crpacufvjrnmb5cfmvfhilunjciv3w3fri1tf4c/thd8mhvpk4i3eviuc8y1

The string above contains three $ characters: $6$ indicates that the SHA-512 encryption algorithm is used, and $yoursalt$ represents the salt value.
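Added example (not code from the original article or from mkpasswd): a C parser that splits a shadow-style hash field into method and salt, using the prefixes and salt-length limits from the methods[] table above, and rejects fields that do not fit. The name parse_shadow_hash and the sample field in main() are assumptions made for illustration; handling of the optional rounds=N$ element of the SHA methods goes beyond the single case shown on this page.

```c
#include <stdio.h>
#include <string.h>
/* Rows taken from the methods[] table above; bcrypt and DES are left out. */
struct method { const char *name, *prefix; size_t minlen, maxlen; int rounds; };
static const struct method METHODS[] = {
    { "md5",     "$1$", 8, 8,  0 },
    { "sha-256", "$5$", 8, 16, 1 },
    { "sha-512", "$6$", 8, 16, 1 },
};

/* Returns the method name and copies the salt into salt_out, or returns NULL
 * when the field is not a well-formed hash for one of the methods above. */
const char *parse_shadow_hash(const char *field, char *salt_out, size_t outsz)
{
    static const char alphabet[] = "abcdefghijklmnopqrstuvwxyz"
                                   "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    for (size_t i = 0; i < sizeof METHODS / sizeof METHODS[0]; i++) {
        const struct method *m = &METHODS[i];
        if (strncmp(field, m->prefix, strlen(m->prefix)) != 0)
            continue;
        const char *salt = field + strlen(m->prefix);
        /* SHA-crypt allows an optional "rounds=N$" before the salt. */
        if (m->rounds && strncmp(salt, "rounds=", 7) == 0) {
            if ((salt = strchr(salt, '$')) == NULL)
                return NULL;
            salt++;
        }
        const char *end = strchr(salt, '$');   /* the '$' that closes the salt */
        if (end == NULL || end[1] == '\0')     /* no terminator, or no hash */
            return NULL;
        size_t slen = (size_t)(end - salt);
        if (slen < m->minlen || slen > m->maxlen || slen >= outsz)
            return NULL;
        if (strspn(salt, alphabet) < slen)     /* character outside the alphabet */
            return NULL;
        memcpy(salt_out, salt, slen);
        salt_out[slen] = '\0';
        return m->name;
    }
    return NULL;                               /* "!", "*", DES or unknown prefix */
}

int main(void)
{
    char salt[32];
    const char *m = parse_shadow_hash("$6$yoursalt$CONSTRUCTED", salt, sizeof salt);
    printf("%s %s\n", m ? m : "invalid", m ? salt : "");  /* constructed sample */
    return 0;
}
```

The length limits are the ones in the table on this page, so a field whose salt is shorter than 8 characters is reported as invalid here.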

Implementation

(1) C language implementation:

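vim encryptionwithcrypt.c

#define _XOPEN_SOURCE   /* makes <unistd.h> declare crypt() */
#include <unistd.h>
#include <stdio.h>

int main(void)
{
    char *encryption;
    char key[] = "Yourkey";

    /* "$6$" selects SHA-512; "yoursalt" is the salt */
    encryption = crypt(key, "$6$yoursalt$");
    if (encryption == NULL) {   /* crypt() returns NULL on failure */
        perror("crypt");
        return 1;
    }
    printf("Encryption is:%s\n", encryption);
    return 0;
}

gcc encryptionwithcrypt.c -o encryptionwithcrypt -lcrypt
./encryptionwithcrypt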
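Added example (not code from the original article): the program above hard-codes the salt, whereas section (1) describes the salt as a "random" string, so this C function builds a "$6$...$" setting string with a fresh 16-character salt drawn from the salt alphabet. The name make_sha512_setting and the use of /dev/urandom as the randomness source are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SALT_LEN 16   /* maxlen for "$6$" in the methods[] table above */

/* Writes "$6$" + SALT_LEN random salt characters + "$" into out.
 * Returns 0 on success, -1 if out is too small or no randomness is available. */
int make_sha512_setting(char *out, size_t outsz)
{
    static const char alphabet[] = "abcdefghijklmnopqrstuvwxyz"
                                   "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    unsigned char raw[SALT_LEN];

    if (outsz < 3 + SALT_LEN + 2)
        return -1;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw)
        return -1;

    memcpy(out, "$6$", 3);
    /* The alphabet has exactly 64 symbols, so masking a byte to 6 bits
     * picks each symbol with equal probability (no modulo bias). */
    for (size_t i = 0; i < SALT_LEN; i++)
        out[3 + i] = alphabet[raw[i] & 63];
    out[3 + SALT_LEN] = '$';
    out[3 + SALT_LEN + 1] = '\0';
    return 0;
}

int main(void)
{
    char setting[32];
    if (make_sha512_setting(setting, sizeof setting) != 0)
        return 1;
    printf("%s\n", setting);   /* pass this as the second argument of crypt() */
    return 0;
}
```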

(2) Other tools to achieve:

If you do not want to generate the password with the crypt() function, Ubuntu users can use the mkpasswd command provided in the whois package; other tools are also available.

# Ubuntu only
which mkpasswd || apt-get install -y whois
mkpasswd --salt="Yoursalt" --method=sha-512

Reference

man 3 crypt
man 3 shadow
man 5 shadow
mkpasswd source code, which can be obtained with apt-get source whois. To unpack the tar.xz file: xz -d whois_5.1.1.tar.xz && tar xf whois_5.1.1.tar


This article is from "Communication, My Favorites" blog, please make sure to keep this source http://dgd2010.blog.51cto.com/1539422/1712244
