[Israel.pm] /etc/shadow

Alex Behar alex-b at actcom.net.il
Sun Jun 27 06:01:41 PDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 27 June 2004 15:24, Yuval Yaari wrote:
> This IS MD5 - which is a better choice anyway :)
>
>   --Yuval
>
> On Sun, 2004-06-27 at 14:43, Gaal Yahas wrote:
> > On Sun, Jun 27, 2004 at 01:30:34PM +0300, Georges EL OJAIMI wrote:
> > > Is there any way to encrypt a user input and validate it toward the
> > > /etc/shadow of Red Hat Linux 9. I am not sure how to get the salt of
> > > the DES encryption.
> > > Here is a sample line for user 'georges' and password 'password'
> > >
> > > georges:$1$W9sPfBqe$rS0jkCnkkj.uLc9dQYUF61:12595:0:99999:7:::
> >
> > 1. Whether the password resides in /etc/passwd or /etc/shadow makes no
> >    difference in terms of validation. /etc/shadow is merely an extra
> >    precaution against people having access to crypted passwords.
> >
> > 2. The encrypted password you quote above does not look like the output
> >    of crypt (the traditional unix DES-based one-way funciton intended
> >    for passwords). Could it be that your system is configured to use a
> >    different, possibly stronger crypting function?
> >
> >    Try looking in /etc/pam.d -- apparently you're using md5 encryption
> >    and not the traditional crypt.
>
> _______________________________________________
> Perl mailing list
> Perl at perl.org.il
> http://perl.org.il/mailman/listinfo/perl


What you have there is an MD5 hash. Its the standard in most Linux and UNIX 
systems these days. There is a module for handling MD5 password hashes, and 
it is called Crypt::PasswdMD5.

Best regards,
Alex



- -- 
The difference between theory and practice, is that in theory, 
there is no difference between theory and practice.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA3sU9fDQ3s2iW3q0RAqmlAKCx65vRJ20AQ0wV09Ny7KO5pI8aJACggwEI
E54kjrtwOLNYxNviVuRnHB0=
=JYX1
-----END PGP SIGNATURE-----




More information about the Perl mailing list