- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: encrypting a string to hash form
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2012 12:11 AM
тАО10-16-2012 12:11 AM
encrypting a string to hash form
Hi all,
I've been strujggling past days to make it work. I need a simple one-liner to encrypt a string to a password form. I want to automate password changing on my machines, which vary in OS and security level etc. So I know about this
openssl passwd string or echo string|openssl md5
The first one doesn't accept passwords longer than 8 characters and the second one's hash isn't accepted by my machines. I know about a relatively short perl script that can do it, but a unix command is more convenient.
Thanks all
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2012 01:06 AM
тАО10-16-2012 01:06 AM
Re: encrypting a string to hash form
The command "echo string | openssl md5" calculates a raw MD5 hash of the string, which is not the same thing as the MD5-based password hash algorithm.
Use this instead:
openssl passwd -1 string
It will produce a proper MD5-based Unix password hash, which can be recognized by its standard "$1$" prefix.
Please refer to the OpenSSL passwd subcommand documentation:
http://openssl.org/docs/apps/passwd.html
Since you posted to the HP-UX section of the community, remember that HP-UX does not support the MD5 password encryption:
- the default password storage mode (no Trusted System, no shadow passwords) supports only traditional Unix crypt() algorithm, with the 8-character limit.
- the algorithm of the Trusted System Mode (now deprecated in 11.31) uses the bigcrypt() algorithm, which is compatible with crypt() with passwords of 8 characters or less, but can accept longer passwords.
- if you use the shadow password mode (available as standard in 11.23 and newer), the default password algorithm is the traditional crypt(). However, there are free optional packages available at software.hp.com that will enable support for SHA512-based password algorithm (prefix "$6$"). With HP-UX 11.31, this will allow long passwords of up to 255 characters.
For HP-UX 11.23:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PHI
For HP-UX 11.31:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PHI11i3
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=LongPassword11i3
Attached is a small program for producing password hashes for the bigcrypt() algorithm. It is a slightly modified version of a similar program I found in the ITRC Forums (the predecessor of this Community).
It should be compilable with the HP-UX default K&R "cc" compiler: no ANSI C required. The compilation command is listed in the comments at the beginning of the file. If started with no parameters, it will display brief instructions on how to use it (basically just "bigpw string" unless you want to specify the salt characters for the hash).
I don't have any programs for SHA512 password hash generation at hand, but I guess the source code in the SHA256/512 hash specification document could be adapted for K&R compilers with some amount of effort.
The specification document is available here:
http://www.akkadia.org/drepper/sha-crypt.html (see bottom of the page)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2012 02:02 AM - edited тАО06-19-2013 02:30 AM
тАО10-16-2012 02:02 AM - edited тАО06-19-2013 02:30 AM
Re: encrypting a string to hash form
Hi,
that sure explains why it didn't work. As expected, neither does the passwd -1 function. I am also attaching a perl script that appears to do the job perfectly, except I've been having trouble implementing it as a one-liner in my shell script, so it doesn't need to be a standalone perl script. That's why I'm looking for some convenient native HP-UX solution. do you have any idea how I can utilize bigcrypt in a shell script, not in a large standalone script as you posted?
Thanx!
EDIT: the attached perl script also uses crypt and is limited to 8 characters, apologies