On Tue, 29 Apr 2003, Philip Rowlands wrote: > On Tue, 29 Apr 2003, John wrote: > > >I used this code: > >summer@Numbat:~$ cat bin/pw.encrypt > >#!/usr/bin/perl -w > >$passwd = $ARGV[0]; > >$salt = "\$1\$".$ARGV[1]."\$"; > > > >print(crypt($passwd, $salt)."\n"); > > > >to generate encrypted passwords for one of the accounts here, and it > >doesn't match what is actually used. > > That worked when I wrote it. Let's try with your example: > > ># echo fred | passwd --stdin fred > ># grep fred /etc/shadow > >fred:$1$iyQ05jRt$iMf.XwnD7iUhI3Tv45ZPI.:12171:0:99999:7::: > > $ ./mycrypt.pl fred iyQ05jRt > $1$iyQ05jRt$iMf.XwnD7iUhI3Tv45ZPI. > > ># echo fred | passwd --stdin fred > ># grep fred /etc/shadow > >fred:$1$le3EjRvD$CDd82emph.w1nTPnW0k5z1:12171:0:99999:7::: > > $ ./mycrypt.pl fred le3EjRvD > $1$le3EjRvD$CDd82emph.w1nTPnW0k5z1 > > Still works (phew). > > >Different encrypted passwords!! > > Yes, that's the whole point of salt. The bit I was missing (unless I'm even more confused) and which you blithely ignored is that the password field contains the salt used. In _my_ circumstances, this technique is fine. echo fred | passwd --stdin fred The perl script might as well generate its own salt rather than allow the user to provide one. -- Please, reply only to the list. Join the "Linux Support by Small Businesses" list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
