Let's look again at the makekey example I first provided:
$ encrypted_passwd=$(echo passwordY7 | /usr/lbin/makekey)
$ echo $encrypted_passwd
Y7mVtdV.zWazc
In this example, "passwordY7" is passed to makekey. The first 8 characters ("password") are to be encrypted. The 9th and 10th characters ("Y7") are the salt. man makekey for more information on the salt.
Every time you pass "passwordY7" to makekey, the resulting encrypted password will be "Y7mVtdV.zWazc". It will always return the same 13 characters. Notice the first 2 characters are "Y7", the salt. Whatever salt you use will be returned as the first 2 characters of the encrypted password.
Suppose you store Y7mVtdV.zWazc in a file as my encrypted password. Now whenever I enter my password, do the following:
- look at the first 2 characters of my encrypted password in the file to determine the salt
- pass the password I entered and the salt from the file to makekey
- compare the result from makekey with what you have stored in the file
- if they are the same, then I entered the correct password
- if they are not the same, then I did not enter the correct password
For example, suppose I enter "12345678" as my password. You need to take the salt from the encrypted password in the file. It is "Y7". Now do: echo 12345678Y7 | /usr/lbin/makekey. Compare the result with my encrypted password from the file. They will be different so you know I did not enter the correct password.
Remember, you must always pass 10 characters to makekey. If the entered password is less than 8 characters, you will need to add spaces between the password and salt. Example:
echo "pass Y7" | /usr/lbin/makekey
Note there should be 4 spaces above between pass and Y7 but the forums always compress spaces.
If the password is more than 8 characters, you can only use the first 8.
Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
