10-16-2012 12:11 AM
I've been struggling these past days to make it work. I need a simple one-liner to encrypt a string to a password form. I want to automate password changing on my machines, which vary in OS and security level etc. So I know about this
openssl passwd string or echo string|openssl md5
The first one doesn't accept passwords longer than 8 characters and the second one's hash isn't accepted by my machines. I know about a relatively short perl script that can do it, but a unix command is more convenient.
10-16-2012 01:06 AM
The command "echo string | openssl md5" calculates a raw MD5 hash of the string, which is not the same thing as the MD5-based password hash algorithm.
Use this instead:
openssl passwd -1 string
It will produce a proper MD5-based Unix password hash, which can be recognized by its standard "$1$" prefix.
Please refer to the OpenSSL passwd subcommand documentation:
Since you posted to the HP-UX section of the community, remember that HP-UX does not support the MD5 password encryption:
- the default password storage mode (no Trusted System, no shadow passwords) supports only the traditional Unix crypt() algorithm, with the 8-character limit.
- the algorithm of the Trusted System Mode (now deprecated in 11.31) uses the bigcrypt() algorithm, which is compatible with crypt() with passwords of 8 characters or less, but can accept longer passwords.
- if you use the shadow password mode (available as standard in 11.23 and newer), the default password algorithm is the traditional crypt(). However, there are free optional packages available at software.hp.com that will enable support for SHA512-based password algorithm (prefix "$6$"). With HP-UX 11.31, this will allow long passwords of up to 255 characters.
For HP-UX 11.23:
For HP-UX 11.31:
Attached is a small program for producing password hashes for the bigcrypt() algorithm. It is a slightly modified version of a similar program I found in the ITRC Forums (the predecessor of this Community).
It should be compilable with the HP-UX default K&R "cc" compiler: no ANSI C required. The compilation command is listed in the comments at the beginning of the file. If started with no parameters, it will display brief instructions on how to use it (basically just "bigpw string" unless you want to specify the salt characters for the hash).
I don't have any programs for SHA512 password hash generation at hand, but I guess the source code in the SHA256/512 hash specification document could be adapted for K&R compilers with some amount of effort.
The specification document is available here:
http://www.akkadia.org/drepper/sha-crypt.html (see bottom of the page)
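Added example, not part of the posts in this thread: a shell pre-flight check that classifies a generated string by hash format and tests it against the HP-UX storage modes listed in the answer above. The function names, the mode labels and the sample strings are made up for illustration; the bigcrypt length rule and the acceptance of crypt() hashes after the SHA512 package is installed are assumptions, marked in the comments.

```shell
#!/bin/sh
# Added example: function names and mode labels are illustrative only.

# Print the scheme a password-hash string appears to use.
hash_scheme() {
    h=${1##*= }    # drop a "(stdin)= " style label as printed by openssl md5
    case $h in
        '$1$'*) echo md5-crypt; return ;;       # prefix named in the answer
        '$6$'*) echo sha512-crypt; return ;;    # prefix named in the answer
        ''|*[!./0-9A-Za-z]*) echo unknown; return ;;
    esac
    len=${#h}
    if [ "$len" -eq 32 ]; then
        case $h in
            *[!0-9A-Fa-f]*) ;;
            *) echo raw-md5-digest; return ;;   # a digest, not a password hash
        esac
    fi
    if [ "$len" -eq 13 ]; then echo des-crypt; return; fi   # 2 salt + 11 hash chars
    # Assumption: bigcrypt emits 2 salt chars plus 11 chars per 8-character chunk.
    if [ "$len" -gt 13 ] && [ $(( (len - 2) % 11 )) -eq 0 ]; then
        echo bigcrypt; return
    fi
    echo unknown
}

# Succeed if a hash fits the given HP-UX storage mode.
# mode: default | trusted | shadow | shadow-sha512 (shadow plus the optional package)
hpux_accepts() {
    case "$1:$(hash_scheme "$2")" in
        default:des-crypt|shadow:des-crypt) return 0 ;;
        trusted:des-crypt|trusted:bigcrypt) return 0 ;;
        # Assumption: crypt() hashes stay valid once the SHA512 package is installed.
        shadow-sha512:des-crypt|shadow-sha512:sha512-crypt) return 0 ;;
    esac
    return 1
}

# Constructed sample strings (format only, not real password hashes).
for sample in 'ab0123456789A' 'ab0123456789AbcdefGHIJKL' \
              '$1$saltsalt$0123456789abcdefghijkl' \
              '(stdin)= 0123456789abcdef0123456789abcdef'; do
    printf '%-45s %s\n' "$sample" "$(hash_scheme "$sample")"
done
```

Running hpux_accepts against the mode of each target machine before pushing a hash catches the two failures described in this thread: a raw MD5 digest and a "$1$" hash both fail the check for every HP-UX mode.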
10-16-2012 02:02 AM - edited 06-19-2013 02:30 AM
That sure explains why it didn't work. As expected, neither does the passwd -1 function. I am also attaching a perl script that appears to do the job perfectly, except I've been having trouble implementing it as a one-liner in my shell script, so it doesn't need to be a standalone perl script. That's why I'm looking for some convenient native HP-UX solution. Do you have any idea how I can utilize bigcrypt in a shell script, not in a large standalone script as you posted?
EDIT: the attached perl script also uses crypt and is limited to 8 characters, apologies