Skip to content

cpb-/password-encryption

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
hasher.c
hasher.c
 
 
password-encryption_git.bb
password-encryption_git.bb
 
 

Repository files navigation

Password Encryption

A simple command line tool to hash passwords using the libC API.

Installation

The provided Makefile should be sufficient for most of the typical Linux systems. Just call : make to compile the source file.

The following packages (or some alternatives) has to be presents:

  • Gnu make
  • Gnu gcc
  • Gnu C library with development headers (libc-dev-bin), note that the crypt library from the GlibC is used during compilation.

The Makefile does only build the hasher executable file but does not copy it into any other directory. You may need to copy it by-hand in a directory listed in the PATH environment variable if you prefer.

Otherwise simply call the program with the ./hasher <password> syntax.

Usage

Calling hasher <password> will display a SHA-256 hashed version of the given password.

Options

Some options allow to configure the hash method.

The -m option allows to use the MD5 hash algorithm,

The -s <length> tells hasher to use the SHA algorithm with lengths of 256 or 512 bits.

The resulting password includes the id of the encryption method, followed by a salt, followed by the encrypted password.

The separator between algorithm id, salt string and hashed password is the $ character wich may lead to problems when the string is included in a command evaluated by an interpretor (for example a Yocto Project image recipe). So the -e option ensure that the $ chararacters are escaped by a \.

For Buildroot usage, the $ sign has to be replaced by $$. The -d (for double) option does this.

The salt length is 8 characters by default, but the -S <length> can change this value.

Finally the -l <login> option formats the output as a /etc/shadow line. All the fields but the login name and the hashed password are empty, disabling any password aging.

Typical use

The author wrote this tool to create configuration files for Buildroot and Yocto Project containing users configurations (logins and passwords) without keeping clear-text passwords directly in the configuration files.

The -l <login> option was added to use on an embedded system where the SSH password of a specific account had to be modified by the customer.

In this specific case, the hasher tool had to be installed on the embedded board system produced with Yocto Project. A sample Yocto recipe for this task is present with the sources (password-encryption_git.bb).

Openssl

Note that the openssl package, frequently available on Linux distros, offers the same basic feature:

$ openssl passwd -6 <passwd>

displays the hased password.

Nevertheless hasher is interesting, especially in automated production environments, by its -d and -e options.

Author

Christophe BLAESS 2018-2021. christophe.blaess@logilin.fr

License

This software is distributed under the terms of the Gnu GPL v.2 license.

About

Simple command line tool for Linux to encrypt password

Resources

Readme

License

GPL-2.0 license
Activity

Stars

5 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages