开发者

Hashing a string using the algorithm that Linux uses to hash users' passwords?

开发者 https://www.devze.com 2023-03-13 19:13 出处:网络
What\'s the algorithm that Li开发者_运维百科nux uses to hash users\' passwords? How can I implement that algorithm in PHP?You might need to know some background information on Linux password storage f
相关专题:encryptionhashphp

What's the algorithm that Li开发者_运维百科nux uses to hash users' passwords? How can I implement that algorithm in PHP?

You might need to know some background information on Linux password storage formats - especially on shadowed password configuration before you can actually implement your own.

On Linux distributions using glibc2, the hash function has a 'magic bit' and salt prefixed to it.

The magic bit starts off with '$x$' and is used to determined the hash function that was used:

  • $1$ for MD5
  • $2$ for Blowfish,
  • $5$ for SHA-256 and
  • $6$ for SHA-512

(Other unix systems like NetBSD might have different values for this).

The magic bit then followed by 8 bits that constitutes the salt and optionally is terminated by another "$". Between this and the next "$", you will find the actual password hash.

Almost all modern Linux systems these days do NOT store the passwords in the world-readable /etc/passwd. Instead the passwords are shadowed in /etc/shadow where only root is allowed read permission. If the shadowed password scheme in use, the /etc/passwd file shows a character such as '*', or 'x' instead of the password.

The format of a typical password in /etc/shadow would looks like this:

$a:$b:$c:$e:$f:$g:$h:$i

Where:

$a: username

$b: salt and hashed password (as explained above). If this is "NP" or "!" or null then it means that the account has no password. "LK" or "*" means the account is locked and the user will be unable to log-in. "!!" means that the password has expired

$c: Days since epoch of last password change

$d: Days until change allowed

$e: Days before change required

$f: Days warning for expiration

$g: Days before account inactive

$h: Days since epoch when account expires

$i: Reserved for future use.

An example of a shadowed password file could be found at: http://configuration.logfish.net/index.php/etc/shadow

References:

crypt(3) - Linux man page

Why shadow your passwd file?

Understanding Linux Password Hashes

Shadow password on wikipedia

Try using the PHP crypt function.

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

    关注公众号

    热门标签

    图文推荐

    Delphi - Custom drawing a message list

    Delphi - Custom drawing a message list
    C++ header-only include pattern

    C++ header-only include pattern
    IE7 Margin Collapses Into Padding

    IE7 Margin Collapses Into Padding
    in CoffeeScript, how can I use a variable as a key in a hash?

    in CoffeeScript, how can I use a variable as a key in a hash?
    Interactive visualization of a graph in python [closed]

    Interactive visualization of a graph in python [closed]
    How to customise PHP MYSQL tables?

    How to customise PHP MYSQL tables?
    High quality, simple random password generator

    High quality, simple random password generator
    Image Recognition ApI in android

    Image Recognition ApI in android

    开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

    法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

    Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9