Return computeSaltedBase64Hash(password, null, hashAlgorithm, delimiter) īyte salt, // the salt you want to use (uses random salt if null). compute the salted hash with a random salt. String delimiter) throws NoSuchAlgorithmException // the delimiter that will be used to delimit the salt and the hash. Public static String computeSaltedBase64Hash(String password, // the password you want to hash check if the provided salted hash matches the salted hash we computed from the password and salt. String pw_saltedHash = computeSaltedBase64Hash(password, compute a new salted hash based on the provided password and salt. get the salt from the salted hash and decode it into a byte. String delimiter) throws NoSuchAlgorithmException // the delimiter that has been used to delimit the salt and the hash. String hashAlgorithm, // the algorithm you want to use. String saltedHash, // the salted hash you want to check your password against. public static boolean isHashMatch(String password, // the password you want to check. Note: The grub package doesn't include grub-crypt in many distros.You could use this to hash a password in java if you want to. Python -c 'import crypt,getpass print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512))) Python -c 'import crypt print(crypt.crypt("", "$6$"))' Python -c 'import crypt print(crypt.crypt("", crypt.mksalt(crypt.METHOD_SHA512)))' Requires Python >= 3.3 # With a random random salt Note: for those who complains that Random#rand is a PRNG, you can use the secure SecureRandom#rand but it's not very important is rand is used only to generate the salt which is publicly available in the hash at the end. Ruby -e 'require "securerandom" puts SecureRandom.alphanumeric(20).crypt("$6$" + rand(36 ** 8).to_s(36))' Ruby # With a random password and random salt # Read password from stdin to avoid leaking it in shell command history whois of all other Linux distro doesn't include mkpasswd but the source (C lang) can be found on the original repository. mkpasswd is provided by the expect package but is an totally different utility which is available as expect_mkpasswd on Debian / Ubuntu. On other Linux distribution such as ArchLinux, Fedora, CentOS, openSUSE, etc. Note: mkpasswd binary is installed via the package whois on Debian / Ubuntu only. Both examples are using $6$ which denotes that you want crypt to use SHA-512.Īll examples will be using SHA-512, as password placeholder and as salt placeholder. In these examples the password is the string "password" and the salt is "saltsalt". Perl $ perl -e 'print crypt("password","\$6\$saltsalt\$"). Support for this method of specifying the algorithm is dependent on support in OS level crypt(3) library function (usually in libcrypt). $6$saltsalt$qFmFH.bQmmtXzyBY0s9v7Oicd2z4XSIecDzlB5KiA2/jctKu9YterLp8wwnSq.qc.eoxqOmSuNp2xS0kt元nh/ Python (2.x or 3.x) $ python -c "import crypt, getpass, pwd \ or scripted- $ python -c 'import crypt print(crypt.crypt("somesecret", crypt.mksalt(crypt.METHOD_SHA512)))' Take note that these are salted: Python (>= 3.3) $ python -c 'import crypt,getpass print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))' To work around this you can use the following Python or Perl one-liners to generate SHA-512 passwords. $ yum whatprovides "*/mkpasswd"īoth of these methods are superior to using rpm since the packages do not have to be installed to locate */mkpasswd. You can find out what package it belongs to with either of these commands. NOTE: The command mkpasswd is actually part of the expect package, and should probably be avoided. On any of the Red Hat distros such as Fedora, CentOS, or RHEL the command mkpasswd doesn't include the same set of switches as the version typically included with Debian/Ubuntu.
0 kommentar(er)
