Category: | Cryptography |
Author/Contact Info | zentara of perlmonks |
Description: | Many linux/unix distibutions are moving up to a variation of blowfish to hash passwords. See blowfish password hashing for more details. The Crypt-Eksblowfish module gives Perl users the access to this, but the module has many parts and is not crystal clear on usage. This is just a clarified version of one of the modules test scripts, to show how you can use it. |
#!/usr/bin/perl use warnings; use strict; use Crypt::Eksblowfish::Bcrypt qw(bcrypt); my $settings = '$2$07$abcdefghijklmnopkC2SI.'; #hash identifier + salt my $hash = 'SY5XUDcstCvd.D7IsnwxqkBQmKD548W'; my $hashed = bcrypt('password', $settings); print "\n$hashed\n"; print $settings.$hash."\n\n"; $settings = '$2a$05$abcdefghijklmnopqrstuu'; $hash = '5s2v8.iXieOjg/.AySBTTZIIVFJeBui'; my $password = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQR +STUVWXYZ0123456789'; $hashed = bcrypt($password, $settings); print "$hashed\n"; print $settings.$hash."\n\n"; $settings = '$2a$05$abcdefghijklmnopqrstuu'; $hash = '5s2v8.iXieOjg/.AySBTTZIIVFJeBui'; # just change the first digit of password $password = '1123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTU +VWXYZ0123456789'; $hashed = bcrypt($password, $settings); print "$hashed\n"; print $settings.$hash."\n\n"; while(<DATA>) { chomp; my ($checkstring, $password) = split; # print "$checkstring\t$password\n"; #regex for the blowfish hash id and the 22 char salt $checkstring =~ s#^(\$2a?\$\d{2}\$[A-Za-z0-9+\\.]{22})(.*)##; # 22 is shown, may be 53 on some systems? my($id_salt, $hash) = ($1, $2); # print "$id_salt\t\t$hash\n"; my $hashed = bcrypt($password, $id_salt); print "$hashed\n"; print "$hash\n"; if($hashed eq $id_salt.$hash){print "matched\n\n"}else{ print +"NOT matched\n\n"} } =head1 bcrypt(PASSWORD, SETTINGS) This is a version of "crypt" (see "crypt" in perlfunc) that impleme +nts the bcrypt algorithm. It does not implement any other hashing algorith +ms, so if others are desired then it necessary to examine the algorithm prefi +x in SET TINGS and dispatch between more than one version of "crypt". SETTINGS must be a string which encodes the algorithm parameters, i +ncluding salt. It must begin with "$2", optional "a", "$", two digits, "$", + and 22 base 64 digits. The rest of the string is ignored. The presence o +f the optional "a" means that a NUL is to be appended to the password bef +ore it is used as a key. The two digits set the cost parameter. The 22 base + 64 dig its encode the salt. The function will "die" if SETTINGS does not +have this format. The PASSWORD is hashed according to the SETTINGS. The value return +ed is a string which encodes the algorithm parameters and the hash: the par +ameters are in the same format required in SETTINGS, and the hash is append +ed in the form of 31 base 64 digits. This result is suitable to be used as a + SETTINGS string for input to this function: the hash part of the string is i +gnored on input. =cut # example what might be shown in /etc/shadow (without password shown) # you must separate off the $id_salt, and compute the hash # (id_salt+eksblowfishhash) (right password) __DATA__ $2$07$aba.............kC2SI.cbHK1ODT5F77pYUqRNV63bd/IDxsTXq 0 $2$07$abcdee..........kC2SI.HiVB5Ax/RkxnDF2P5lQk06NBgbF/xYO 0 $2$07$abcdefghijklmnopkC2SI.7Q0nVrcMF4umRv5Pk5vDi0GlDI.lLE. 0 $2$07$abcdefghijklmnopqrstuuAgtOGDu2Z1DC3oOn6HzhbBE811IGUYu 0 $2$07$abcdefghijklmnopkC2SI.SY5XUDcstCvd.D7IsnwxqkBQmKD548W password $2$04$abcdefghijklmnopkC2SI.q7Yf61ne/f5tu69iU.SIM68gT3LAaYy password $2$10$abcdefghijklmnopkC2SI./wsXFeTOFgHVzDjpY2cn9yyF85o0khS password $2$04$......................Ns4TWVMFumL/LG8wa/FMbZnvNs.EDBi password $2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm password $2$06$......................h9TvqYVBoV1csDZEfDS/qeQHryfT7dm password $2$07$......................A.nYdZ8J7ihz9grv6aPNwWdqpEgHssm password $2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW U*U $2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK U*U* $2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a U*U*U $2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui 01234567 +89abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 |
|
---|
Back to
Code Catacombs