Generating MD5 password on OS X

Question

I'm working on OS X Snow Leopard and need to programmatically generate an MD5crypt() password to match with passwords generated on Ubuntu 8.04 (crypt() on that platform uses MD5 if the salt starts with $1$ because it uses the crypt() found in glibc2 which has that functionality).

There is a md5crypt routine on OS X, but unfortunately, it's Tcl-only.

A painful option would be to pull apart the code for the openssl passwd command and write my own based on that.

I'm guessing that trying to compile glibc2 and link with that on OS X would likely be nearly impossible if not impossible.

Has anyone run across the problem and solved it? Or have suggestions? (I will be filing a bug with Apple asking for it to be added)

Answer 1

Maybe have a look at the SSCrypto.framework (a BSD-licensed OpenSSL library wrapper) or PolKit!

http://osx.hyperjeff.net/Apps/apps?f=openssl

In addition, you may get libmd via MacPorts (port info libmd).

And last but not least there's the osxcrypt project (which is a modular-designed kernel module).

The OSXCrypt Framework is based on the paradigm of implementing a modular kernel module that can be used with OTHER cyphers. Implementing dm-cryppt on mac, for example, is now trivially easy.

Answer 2

To answer my question, I don't currently see an easy way to solve this issue on OS X that doesn't involve rolling your own implementation.

And to drive that point home further, here's Apple's response to my enhancement request:

There already exists another password encryption scheme in Mac OS X, with crypt() only provided for Unix conformance. Given that this overloading of crypt() with MD5 hashing is non-standard, there are no plans to change the implementation

We are now closing this bug since our engineers are aware of the issue and will continue to track it offline. A different resolution to this issue may be considered in the future.

So if you need MD5-crypt() on OS X, you're going to have to roll your own until it becomes a standard.