views:

30

answers:

1

Hi, I'm trying to mimic the creation of password strings as they appear in /etc/shadow.

This is what I've got so far, but the encrypted passwords don't match, when I use the same password and the same salt.

5000 rounds is standard for crypt, so I used that as well, but I don't see where exacly I made a mistake:

I'm doing this in Perl, this is the relevant porion:

($pass, $salt) = @ARGV;

unless(defined($salt)) {
    $salt = MIME::Base64::encode(random_bytes(12), '');
}

for $i (1 .. 4999) {
    $pass = Digest::SHA::sha512($salt, $pass);
}

say "";

print '$6$', $salt, '$', Digest::SHA::sha512_base64($salt, $pass), "\$\n";
A: 

The crypt algorithm involves a lot more than just re-hashing 5,000 times:

LukeH
Yeah, I was expecting something like this. Thanks, I'll read through it and accept if it's what I'm looking for.
polemon
The document say: "2. the password string is added to digest A. 3. the salt string is added to digest A." Does that mean, that first I append the salt to the password string? If so, that would be the other way round for MD5, which prefixes passwords with salt.
polemon
polemon