Which is the encryption method used on /etc/shadow on GNU/Linux systems? I would like to write a small program for personal purpose that uses the same API, but at the moment I don't know where to start.
Thanks in advance
Asked
Active
Viewed 4.1k times
22
Benjamin Loison
- 3,782
- 4
- 16
- 33
b3h3m0th
- 1,330
- 1
- 11
- 22
-
The solution is man 3 crypt, MD5. I wanted to know if anyone has experience with these APIs!!! – b3h3m0th Sep 30 '12 at 11:32
-
This is useful for my purpose: http://stackoverflow.com/questions/2565427/c-crypt-function – b3h3m0th Sep 30 '12 at 11:50
-
very informative http://stackoverflow.com/questions/8794588/public-key-implementation-in-c-for-linux?rq=1 – b3h3m0th Oct 19 '12 at 10:52
4 Answers
42
Use the crypt(3) function. On glibc, the method used depends on the salt, if it starts with:
- $1$: it uses MD5.
- $5$: it uses SHA-256.
- $6$: it uses SHA-512.
- $2a$: it uses blowfish, not supported everywhere.
- Otherwise it uses DES.
ninjalj
- 42,493
- 9
- 106
- 148
-
1The method used to "encrypt" the password plaintext does not depend on the salt! The string between the first pair of $s indicates the "encryption" method, the string between the second pair of $s is the actual salt for that "encryption" method. – fpmurphy Sep 30 '12 at 16:31
-
4@fpmurphy: the second parameter to `crypt()` is called `salt`, and it includes an encryption algorithm identifier and the real salt. – ninjalj Sep 30 '12 at 16:48
-
Up 1 it was useful to find the what type of algorithm is used in my encryption. Thanks dude. – Q_SaD Mar 31 '14 at 13:06
6
Multiple encryption methods are available in glibc, see man 3 crypt, the Glibc Notes section: http://manpages.courier-mta.org/htmlman3/crypt.3.html
When verifying an existing password, just pass the encrypted form as salt; only the initial $id$salt part will be used. When creating new password, initialize id with whatever you need and put some random characters in salt.
Petr Baudis
- 1,178
- 8
- 13
4
basic example with crypt()
#include <stdio.h>
#include <stdlib.h>
#define MAX_STR 256
#define MAX_SALT 12
int main(int argc, char *argv[]) {
char password[MAX_STR];
char salt[MAX_SALT];
printf("salt: ");
scanf("%s", salt);
printf("password: ");
scanf("%s", password);
printf("Encrypt '%s' : '%s'\n", password, crypt(password, salt));
return(EXIT_SUCCESS);
}
Compile program:
$ gcc -lcrypt test.c
b3h3m0th
- 1,330
- 1
- 11
- 22
-
info about headers: http://stackoverflow.com/questions/6127921/is-the-crypt-function-declared-in-unistd-h-or-crypt-h – b3h3m0th Sep 30 '12 at 13:16
-1
I receive
undefined reference to `crypt'
so I think that you should compile with
$ gcc test.c -lcrypt
