Linux使用Blowfish生成密码,linux用户密码生成

最新推荐文章于 2024-03-05 10:56:40 发布

孙哒圣i

最新推荐文章于 2024-03-05 10:56:40 发布

阅读量203

点赞数

文章标签： Linux使用Blowfish生成密码

linux账户保存在/etc/passwd，密码保存在/etc/shadow。

通过man 5 passwd，man 5 shadow可查看文件中各字段含义。

encrypted password

Refer to crypt(3) for details on how this string is interpreted.

密码是通过库函数crypt生成的。

1. 函数

#define _XOPEN_SOURCE /* See feature_test_macros(7) */

#include char *crypt(const char *key, const char *salt);

输入参数：key为密码，salt本意为盐，为增加密码难度，加把盐。salt有新旧两种方式：

key is a user's typed password.

salt is a two-character string chosen from the set [a–zA–Z0–9./]. This string isused to perturb

the algorithmin one of 4096 different ways.

The glibc2 version of thisfunction supports additional encryption algorithms.

If saltis a character string starting with the characters "$id$" followed by a stringterminated

by"$":

$id$salt$encrypted

then instead ofusing the DES machine, id identifies the encryption method used and this then determines how the rest of the password string isinterpreted. The following values of id are supported:

ID|Method

─────────────────────────────────────────────────────────1 |MD5

2a| Blowfish (not in mainline glibc; added insome|Linux distributions)5 | SHA-256 (since glibc 2.7)6 | SHA-512 (since glibc 2.7)

So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512encoded

one."salt" stands for the up to 16 characters following "$id$" in the salt. The encrypted part of the password string is the actual computed password. The size of this string is fixed:

MD5| 22characters

SHA-256 | 43characters

SHA-512 | 86characters

The charactersin "salt" and "encrypted" are drawn from the set [a–zA–Z0–9./]. In the MD5 and SHA implementations the entire key is significant (instead of only the first 8 bytes in DES).

现在linux都实现的是第二中方式的salt。

2. coding

#define _XOPEN_SOURCE#include#includeint main(int argc, char*argv[])

{if(argc != 3){return 0;

}

printf("%s==%s==%s==\n", argv[0], argv[1], argv[2]);

printf("%s\n", crypt(argv[1], argv[2]));return 0;

}

创建test用户，密码test123

test:$6$BJIQmFkQ$TnJMVbBoWvE4fBkJ30iJlQwDLxV3wLaZ8pVqrh7N5m0mTWD.vNdRw/uEs8Wu7IB.sfvzBYZUweM6Rd0M43bm61:17285:0:99999:7:::

程序测试

~$gcc crypt.c -lcrypt~$./a.out test $6$BJIQmFkQ$

./a.out==test==$==Segmentation fault (core dumped)~$./a.out test "\$6\$BJIQmFkQ\$"./a.out==test==$6$BJIQmFkQ$==$6$BJIQmFkQ$uIMnVVN/FUac.VGm0Ie6g.gWjIRsE0PSNX8ufDcekvmGZ7PtrLVJbrZTlhYplfyEbonrBYpwvHIWGQx9XxeQG/

~$./a.out test "BJIQmFkQ"./a.out==test==BJIQmFkQ==BJp/Gyj8SpEnI

~$./a.out test123 "\$6\$BJIQmFkQ\$"

./a.out==test123==$6$BJIQmFkQ$==

$6$BJIQmFkQ$TnJMVbBoWvE4fBkJ30iJlQwDLxV3wLaZ8pVqrh7N5m0mTWD.vNdRw/uEs8Wu7IB.sfvzBYZUweM6Rd0M43bm61

孙哒圣i

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
Linux使用Blowfish生成密码,linux用户密码生成

linux账户保存在/etc/passwd，密码保存在/etc/shadow。通过man 5 passwd，man 5 shadow可查看文件中各字段含义。encrypted passwordRefer to crypt(3) for details on how this string is interpreted.密码是通过库函数crypt生成的。1. 函数#define _XOPEN_SOU...
复制链接

扫一扫