[Chicago-talk] Note on Shadow password files
Steven Lembark
lembark at wrkhors.com
Sun Mar 12 13:16:25 PST 2006
Shadow files don't always use MD5, Blowfish is also
common. The check is to look at one of the encrypted
passwords for "$1$" or "$2a". Passwords starting
with $2a$ are encrypted with the Blowfish hash
function which can be handled via:
Crypt::Blowfish
Perl Blowfish encryption module
Crypt-Blowfish-2.10 - 02 Dec 2005 - Dave Paris
Crypt::Blowfish_PP
Blowfish encryption algorithm implemented purely in Perl
Crypt-Blowfish_PP-1.12 - 02 Jan 2001 - Matthew Byng-Maddick
If they begin with $1$ then they are MD5 and are
probably best handled via:
Crypt::PasswdMD5
Provides interoperable MD5-based crypt() functions
Crypt-PasswdMD5-1.3 - 17 Feb 2004 - Luis Muñoz
These are the most likely solutions today.
--
Steven Lembark 85-09 90th Street
Workhorse Computing Woodhaven, NY 11421
lembark at wrkhors.com 1 888 359 3508
More information about the Chicago-talk
mailing list