Crypt (3) $ 6 $ password hash algorithm (based on SHA-512) in Java?

Question

Crypt (3) $ 6 $ password hash algorithm (based on SHA-512) in Java?

I am looking for a Java function to generate / verify password hashes that were encoded in the crypt(3) when stored in the Linux / etc / shadow file if sha512 activated in "/etc/pam.d/common-password".

The plaintext string "geheim" will be translated into:

 "$6$WoC532HB$LagBJ00vAGNGu8p9oeYDOSNZo9vTNTzOgPA.K0bJoiXfbcpj3jBuTkNwdzCrSNadRi8LanH1tH6tGGPPp/Lp3."

From http://www.akkadia.org/drepper/SHA-crypt.txt I understand that, as in the case of MD5, this is not just a SHA hash code, for example DigestUtils , or Java MessageDigest classes produce, but an algorithm, which makes a little more magical.

+6

java sha crypt shadow sha512

lathspell42 Jan 30 '12 at 10:54

source share

3 answers

Check out the Apache Commons Codec Digest

Also jBCrypt you can come in handy.

This article is a modular crypt format or a note about a standard that does not contain many details of the Crypt3 format.

+1

stokito Mar 07 '16 at 11:16

source share

The question you are referencing provides links to the traditional crypt method (3) based on DES and the "$ 1 $" method based on MD5. I need to check passwords that use the SHA-1 based $ 5 $ method or even the SHA-512 based $ 6 $ method.

Based on this, it means that crypt (3) uses, for example, SHA-512, but adds the salt value and performs several iterations, as described in http://www.akkadia.org/drepper/SHA-crypt.txt

0

user1188139 Feb 03 '12 at 17:47

source share

lathspell42 · Accepted Answer · 2012-02-08T13:45:40+0000

I found Java implementations for all new crypt () algorithms here: ftp://ftp.arlut.utexas.edu/java_hashes/

Crypt (3) $ 6 $ password hash algorithm (based on SHA-512) in Java?

More articles: