What hash to use
Matthew Seaman
matthew at FreeBSD.org
Fri Aug 24 08:56:57 UTC 2018
On 24/08/2018 03:25, Olivier wrote:
> "Derek (freebsd lists)" <482254ac at razorfever.net> writes:
>
>> On 2018-08-23 05:16 AM, Olivier wrote:
>>> I am using a tools that hashes the passwords in the form of
>>> $2b$10$OQBll77HJqnOR.zqK2jx8ukE6m68Azc7nrsgRdcT6bVfERRmzFV4.
>>>
>>> What magic tool can I use in freeBSD to do the same hashing?
>>>
>>
>> Try this (cdemo.c):
>>
>>
>>
>> Then:
>>
>> cc -lcrypt -o cdemo cdemo.c
>> ./cdemo
>>
>> This is okay for a one-off.
>>
>> You might wire stdin to read the salt, or for bonus points make
>> your own salt generator.
>>
>> Additionally, it's likely not a good idea to read the password
>> from the command-line (argv+argc). A file descriptor (e.g.
>> stdin) of some kind would be better, as it will show up in shell
>> history and the process table.
>>
>> Some languages, e.g. python, php, etc will have a library to do
>> this for you as well.
>
> Thank you Derek, I will give it a try.
>
> I started looking in Perl, but could not find anything.
>
> I am trying to automatically generate 100 accounts for a software, I
> don't want to create them with the web interface, so having the password
> on the history is not a problem (and I am asked to have the
> password=username, so the quality of password is not a worry :)
% perl -le 'print crypt "mypassword", q{$6$RandomSalt$}'
$6$RandomSalt$FT6f31B0cyE4q.vCLfpCcAXbX5EYr2fvZW4ILgpUj97sTcZtkHYBGN8FUHUwqN3wkpVPPr/0WIS1FUW4YD9By.
The trick is to add the '$6$ (or whatever scheme you prefer) before the
salt, and the '$' at the end.
Cheers,
Matthew
More information about the freebsd-questions
mailing list