[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: encrypting passwords for rootpw

From: Steve Traylen <s traylen rl ac uk>
To: kickstart-list redhat com
Subject: Re: encrypting passwords for rootpw
Date: Mon, 13 Jan 2003 09:43:39 +0000 (GMT)

You can for forget about salt and all that perl stuff
and use openssl to generate the crypt. Openssl will
add the salt for you.

Just type

$ openssl passwd
Password:
lu0t78Vw2b8XA

and enter your password, a crypt will be generated.

This will be a DES crypt. To generate a MD5 crypt.

$ openssl passwd -1
Password:
$1$yHhBvaFG$E.i/guQr.NFcoXuyOnIiN.

You can also read your passwords in from a file
if that is useful to you.

$ openssl passwd -help
Usage: passwd [options] [passwords]
where options are
-crypt             standard Unix password algorithm (default)
-1                 MD5-based password algorithm
-apr1              MD5-based password algorithm, Apache variant
-salt string       use provided salt
-in file           read passwords from file
-stdin             read passwords from stdin
-quiet             no warnings
-table             format output as table
-reverse           switch table columns

 Steve



On Mon, 13 Jan 2003, Cipriano Groenendal wrote:

> > > THIS IS A BADLY WRITTEN SCRIPT. It gets the job done, but you must be
> > > careful to generate the random salt properly, take care to prevent other
> > > users seeing the plaintext password in the output of ps, and take care
> > > to prevent the passwords you use ending up in shell history files. I
> > > might write a better version and post it later.
> > What is the meaning of salt. I am confused.
> > Where can I get more info on "salt"
> Take a look at `man 3 crypt` for more information on crypt and salts. From the man page:
>    salt is a two-character string chosen from the set [a-zA-Z0-9./].  This string is used to perturb the algorithm
>    in one of 4096 different ways.
> 
> Also an important note that'll save you some headaches:
> 
>  If the salt starts with $1$ an MD5 based password 
>  hashing algorithm is applied. The salt should consist 
>  off $1$ followed with eight characters.
> 
> So if you use --enablemd5 your salt /must/ start with $1$ or your system will be unusable.
> 
> Cipri
> 
> 
> 
> _______________________________________________
> Kickstart-list mailing list
> Kickstart-list redhat com
> https://listman.redhat.com/mailman/listinfo/kickstart-list
> 

-- 
Steve Traylen
s traylen rl ac uk
http://www.gridpp.ac.uk/

References:
- Re: encrypting passwords for rootpw
  - From: Cipriano Groenendal

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]