I am writing a Perl script which will create a new user (on Ubuntu).

It will need a step along the lines of

```
$encrypted_password = crypt ($password, $salt);
system ("useradd -d $home -s /bin/bash -g $group -p $encrypted_password $name");
```

What should the value of $salt be? Examples on the Internet seem to use arbitrary values, but if the encrypted password is going to be tested against what the user enters, then the kernel needs to hash the input with the same salt in order to pass the comparison.

This website claims the salt is encoded in the output of crypt, but that is apparently not true.

In Perl the output of

```
print crypt("foo", "aa");
print crypt("foo", "aabbcc");
print crypt("foo", "aa1kjhg23gh43jhgk32kh325423g");
print crypt("foo", "abbbcc");
```

is

```
aaKNIEDOaueR6
aaKNIEDOaueR6
aaKNIEDOaueR6
abQ9KY.KfrYrc
```

Aside from there being identical hashes from different salts, which is suspicious, it seems only the first two characters of the salt are used. This does not make sense from a security point of view. Also the output is not in the format as claimed in the link above.

So what value of salt should I use when encrypting a password for useradd?

spraff
  • Hmm, look at the first two characters of each string and your hypothesis that only two characters of the salt are used ;). – martin Mar 20 '15 at 14:15
  • FYI, `man useradd` says of the `-p` option: "This option is not recommended because the password (or encrypted password) will be visible by users listing the processes." Why not use `passwd` instead? – ThisSuitIsBlackNot Mar 20 '15 at 14:47
  • The two-character salt has been the Unix standard for decades. – Neil Masson Mar 20 '15 at 15:38
  • That's amazing. Surely it makes multiple rainbow tables feasible? – spraff Mar 20 '15 at 17:54
  • @spraff See `man 3 crypt` (Perl's `crypt` works exactly the same way): "Warning: The key space consists of 2**56 equal 7.2e16 possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software, such as crack(1), is available which will search the portion of this key space that is generally used by humans for passwords. Hence, password selection should, at minimum, avoid common words and names. The use of a passwd(1) program that checks for crackable passwords during the selection process is recommended." – ThisSuitIsBlackNot Mar 20 '15 at 18:46

1 Answer

All the information about crypt is in `perldoc -f crypt`.

Here is the part that answers your question:

When choosing a new salt create a random two character string whose characters come from the set `[./0-9A-Za-z]` (like `join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]`). This set of characters is just a recommendation; the characters allowed in the salt depend solely on your system's crypt library, and Perl can't restrict what salts `crypt()` accepts.

I hope this helps.

Borodin
Greengaroo
  • Yes, now add a paragraph that the salt is the first two characters in his output and you explained it all. – martin Mar 20 '15 at 14:13
  • It's even in the documentation: `Traditionally the result is a string of 13 bytes: two first bytes of the salt, followed by 11 bytes from the set` – martin Mar 20 '15 at 14:17
  • Interesting: Whilst the above link doesn't work, (https://perldoc.perl.org/functions/crypt as of May 2023) it states that encryption is one way only and cannot be decoded, (I too thought there was a routine that used 2 bytes of salt at front, which then decoded the rest of the string) – Cristofayre Jun 03 '23 at 10:07
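
The salt handling discussed in the answer and comments above, as an added example that is not part of the original thread: it generates a salt from the `[./0-9A-Za-z]` set, shows that `crypt` echoes the salt at the start of its result, and verifies a password by passing the stored hash back as the salt. It goes beyond the two-character case by also trying a `$6$<salt>$` (SHA-512) salt. Assumptions: a Linux system with `/dev/urandom`, a glibc-style crypt(3) for the `$6$` form, and the hypothetical helper names `random_salt` and `check_password`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Salt alphabet recommended by perldoc -f crypt: [./0-9A-Za-z] (64 characters).
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Hypothetical helper: return $n salt characters drawn from /dev/urandom.
sub random_salt {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, $n) == $n or die "short read from /dev/urandom";
    close $fh;
    # 256 is a multiple of 64, so "% 64" introduces no bias.
    return join '', map { $SALT_CHARS[ $_ % 64 ] } unpack 'C*', $bytes;
}

# Hypothetical helper: check a candidate password against a stored hash.
# crypt() reads the salt (and any "$id$" scheme prefix) out of the stored
# value itself, so no separate salt has to be kept anywhere.
sub check_password {
    my ($candidate, $stored) = @_;
    my $got = crypt($candidate, $stored);
    return defined $got && $got eq $stored;
}

my $password = 'foo';    # constructed sample password

# First salt: traditional two-character form from the answer.
# Second salt: assumption that the local crypt(3) accepts "$6$<salt>$".
for my $salt (random_salt(2), '$6$' . random_salt(16) . '$') {
    my $hash = crypt($password, $salt);

    # A crypt(3) that rejects the scheme returns undef or a failure token,
    # neither of which begins with the salt that was passed in.
    if (!defined $hash || index($hash, $salt) != 0) {
        print "salt '$salt': scheme not supported by this crypt(3)\n";
        next;
    }

    print "salt: $salt\n";
    print "hash: $hash\n";    # begins with the salt
    printf "  correct password verifies: %s\n",
        check_password('foo', $hash) ? 'yes' : 'no';
    printf "  wrong password verifies:   %s\n",
        check_password('bar', $hash) ? 'yes' : 'no';
}
```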