Re: encrypting a string to hash form (736 Views)
Reply
Advisor
thrubovc
Posts: 34
Registered: ‎03-13-2012
Message 1 of 3 (748 Views)

encrypting a string to hash form

Hi all,

I've been strujggling past days to make it work. I need a simple one-liner to encrypt a string to a password form.  I want to automate password changing on my machines, which vary in OS and security level etc. So I know about this

openssl passwd string
or
echo string|openssl md5

 The first one doesn't accept passwords longer than 8 characters and the second one's hash isn't accepted by my machines. I know about a relatively short perl script that can do it, but a unix command is more convenient.

Thanks all

Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 2 of 3 (741 Views)

Re: encrypting a string to hash form

The command "echo string | openssl md5" calculates a raw MD5 hash of the string, which is not the same thing as the MD5-based password hash algorithm.

 

Use this instead:

 

openssl passwd -1 string

 It will produce a proper MD5-based Unix password hash, which can be recognized by its standard "$1$" prefix.

 

Please refer to the OpenSSL passwd subcommand documentation:

http://openssl.org/docs/apps/passwd.html

 

Since you posted to the HP-UX section of the community, remember that HP-UX does not support the MD5 password encryption:

  • the default password storage mode (no Trusted System, no shadow passwords) supports only traditional Unix crypt() algorithm, with the 8-character limit.
  • the algorithm of the Trusted System Mode (now deprecated in 11.31) uses the bigcrypt() algorithm, which is compatible with crypt() with passwords of 8 characters or less, but can accept longer passwords.
  • if you use the shadow password mode (available as standard in 11.23 and newer), the default password algorithm is the traditional crypt(). However, there are free optional packages available at software.hp.com that will enable support for SHA512-based password algorithm (prefix "$6$"). With HP-UX 11.31, this will allow long passwords of up to 255 characters.

For HP-UX 11.23:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PHI

 

For HP-UX 11.31:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PHI11i3

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=LongPassword11i3

 

Attached is a small program for producing password hashes for the bigcrypt() algorithm. It is a slightly modified version of a similar program I found in the ITRC Forums (the predecessor of this Community).

It should be compilable with the HP-UX default K&R "cc" compiler: no ANSI C required. The compilation command is listed in the comments at the beginning of the file. If started with no parameters, it will display brief instructions on how to use it (basically just "bigpw string" unless you want to specify the salt characters for the hash).

 

I don't have any programs for SHA512 password hash generation at hand, but I guess the source code in the SHA256/512 hash specification document could be adapted for K&R compilers with some amount of effort.

The specification document is available here:

http://www.akkadia.org/drepper/sha-crypt.html (see bottom of the page)

MK
Advisor
thrubovc
Posts: 34
Registered: ‎03-13-2012
Message 3 of 3 (736 Views)

Re: encrypting a string to hash form

[ Edited ]

Hi,

that sure explains why it didn't work. As expected, neither does the passwd -1 function. I am also attaching a perl script that appears to do the job perfectly, except I've been having trouble implementing it as a one-liner in my shell script, so it doesn't need to be a standalone perl script. That's why I'm looking for some convenient native HP-UX solution. do you have any idea how I can utilize bigcrypt in a shell script, not in a large standalone script as you posted?

Thanx!

EDIT: the attached perl script also uses crypt and is limited to 8 characters, apologies

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.