All geek questions in one place

Creating glibc 2.7 Sha-512 crypt styles in Perl

So, I have a website that reads / verifies (and writes) password hashes from the database, and I have something that makes SHA-512 style password hashes for them:

$6$GloHensinmyampOc$AxvlkxxXk36oDOyu8phBzbCfLn8hyWgoYNEuqNS.3dHf4JJrwlYCqha/g6pA7HJ1WwsADjWU4Qz8MfSWM2w6F.

The website is Java based, so I wrote SHA-512 for it. The problem is that there are several perl cron jobs that run this one and to occasionally check the password hashes for the database, and since those that run in the Solaris window, this crypto does not support the $ 6 $ format.

So when I do this:

 printf("crypt => '%s'\n",crypt("Hello",'$1$CygnieHyitJoconf$'));

I come back reasonably:

 crypt => '$1$CygnieHy$n9MlDleP0qmGCfpbnVYy11'

Whereas if I do

 printf("crypt => '%s'\n",crypt("Hello",'$6$CygnieHyitJoconf$'));

I get useless

 crypt => ''

Is there a way to get SHA-512 password hashes in Perl on a field that does not use glibc? (This is what they tell me when I usually search ("use crypt").

I would prefer not to reinstall the SHA-512 password hashes in perl.

Thanks!

+6
source share
2 answers

Actually, I think I just found my own answer: Crypt :: Passwd :: XS

Crypt :: Passwd :: XS - full XS implementation of common crypt () algorithms

These are unix_md5, apache_md5, unix_des, unix_sha256 and unix_sha512 .. I think it is a little unfortunate that it does not make blowfish. But, nevertheless, this solves my problem! Thanks @hobbs anyway!

 use strict; use Crypt::Passwd::XS; { printf("crypt => %s\n",Crypt::Passwd::XS::crypt("Hello",'$6$CygnieHyitJoconf$')); }

Now returns

 crypt => $6$CygnieHyitJoconf$vkGJm.nLrFhyWHhNTvOh9fH/k7y6k.8ed.N7TqwT93hPMPfAOUsrRiO3MmQB5xTm1XDCVlW2zwyzU48epp8pY/

as expected!

+7
source

Unfortunately not. crypt will be your libc crypt system, which is responsible for selecting algorithms and binding prefix strings to algorithms. If you want to access algorithms that are not in your crypt system, then you will need to use their reimplementation, and in the case of libc I do not know any reimplementations. glibc "SHA-512" hash password is not just SHA-512; this is a custom algorithm that does not exist outside of glibc that I know of. If you still have a chance, you can upgrade to an algorithm like bcrypt or PBKDF-SHA-2, which has several implementations in different languages.

+3
source

Source: https://habr.com/ru/post/917982/

More articles:


All Articles