md5 passwords

at nspurrier
Fri Mar 16 22:52:52 EST 2001


This is off the top of my head... buyer beware.

The passwords may have salt added to them. I know this is done
for crypt, but I'm not sure if this is done for all
other hash algorithms. With crypt the salt is the
first two characters (12 bits). 

On my OpenBSD system (which uses Blowfish) my passwords look like:
$2a$06$M43SrlFfnlLoFmK3ZAtnfquh3PsM/QZNdNNAwBEse1ReOrV4IjYeMs
The first 128 bits are defined as the salt -- which I think is
the first 4 characters if it's encoded in base 64.

If you want to send me some of your password file with
the plaintext passwords, then I will take a quick look
to see if I can figure out what they are doing.

Yours,
Noah Spurrier
P.S. Do you understand salt? You create a random salt 
before starting.  You add that to the plaintext password then run 
the hash. You store the salt and hash in the password file. 
To check a password you take the salt from the password file
and add it to the plaintext password you are testing; run
the hash algorithm and check against the encrypted password.
This just helps to prevent people from taking a huge dictionary
and running the hash on each word, then checking to see if any match
the hashes in your password file.

> Can anyone explain to me how to use the md5 module to generate
> passwords for the shadow password file?
> 
> I would like to be able to os.system('useradd -p
> md5/crypt username')
> 
> I can generate the required crypt hashes no problem, but can't
> seem to figure out how to generate an md5 hash that looks
> anything like what I see in /etc/shadow.
> 
> -- 
> Stand Fast,
>     tjg.
> 
> Timothy Grant                         tjg at exceptionalminds.com
> Red Hat Certified Engineer            www.exceptionalminds.com
> Avalon Technology Group, Inc.         <><       (503) 246-3630
> >>>>>>>>>>>>>Linux, because rebooting is *NOT* normal<<<<<<<<<
> >>>>This machine was last rebooted:  59 days  1:59 hours ago<<
> 
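
The salt procedure from the P.S. above, as an added example that is not part of the original post: create a random salt, hash salt plus password, store both, and verify by recomputing, then show a precomputed dictionary table matching an unsalted hash but not the salted ones. The function names, the `salt$hash` record layout, the hex-encoded salt and the word list are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# A single MD5 pass mirrors the post's description of salting only. The "$1$"
# entries in /etc/shadow come from an iterated construction that is not
# reproduced here, so these records are not valid shadow entries.

def make_record(password, salt=None):
    """Return 'salt$hash', where hash = MD5(salt + password)."""
    if salt is None:
        salt = secrets.token_hex(8)  # 64 random bits, hex-encoded (assumed size)
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"

def check_password(record, candidate):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, stored = record.split("$", 1)
    digest = hashlib.md5((salt + candidate).encode()).hexdigest()
    return hmac.compare_digest(digest, stored)

def precomputed_table(words):
    """Hash every dictionary word once, with no salt, keyed by hash."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}

def lookup(table, stored_hashes):
    """Return the dictionary words whose precomputed hash appears in the file."""
    return [table[h] for h in stored_hashes if h in table]

WORDS = ["letmein", "password", "dragon"]  # constructed sample dictionary

def demo():
    table = precomputed_table(WORDS)
    # Unsalted storage: the same password always yields the same hash.
    unsalted = [hashlib.md5(b"password").hexdigest()]
    # Salted storage: two users with the same password get different hashes.
    salted = [make_record("password").split("$", 1)[1] for _ in range(2)]
    return lookup(table, unsalted), lookup(table, salted), salted[0] != salted[1]

if __name__ == "__main__":
    print(demo())
```

With a salt in place, the table would have to be rebuilt for every salt value in the password file, which is the cost the P.S. describes.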

