Re: Testing a password

To: Todd Gruhn <tgruhn2%gmail.com@localhost>
Subject: Re: Testing a password
From: "Jeremy C. Reed" <reed%reedmedia.net@localhost>
Date: Wed, 29 Apr 2020 21:55:23 -0500 (CDT)

On Wed, 29 Apr 2020, Todd Gruhn wrote:

> I found the master password file. The passwords that were set (root,
> cvs, my account)
> all start with $sha$ -- so the passwords are encrypted using SHA?
>
> If I write a PERL program that checks passwords (cant use crypt), how 
> would I do this? Any particular modules I need?

You will need to salt it the same way which 

For the C reference see __gensalt_sha1() and pw_gensalt()
src/lib/libcrypt/pw_gensalt.c

(NOTE: a pw_gensalt(3) manual page needs to be written)

with example use in src/lib/libpam/modules/pam_unix/pam_unix.c
and src/usr.bin/passwd/local_passwd.c

(NOTE: the crypt(3) manual page needs to be updated to document the 
$sha1$ behavior.)

For perl, you can try
p5-CryptX
or
Digest::SHA (I think in default install perl install)

References:
- Testing a password
  - From: Todd Gruhn

Prev by Date: Testing a password
Next by Date: Re: Testing a password
Previous by Thread: Testing a password
Next by Thread: Re: Testing a password
Indexes:

Home | Main Index | Thread Index | Old Index