openssl passwd

This command generates password hashes (pseudo-encrypted passwords).

[root@docker-01 ~]# whatis passwd
sslpasswd (1ssl)     - compute password hashes
passwd (1)           - update user's authentication tokens

openssl passwd supports three algorithms. When no algorithm is specified, -crypt is used by default.

Option descriptions:

-crypt: the standard UNIX crypt algorithm, which is the default. If a salt is supplied (-salt), only its first two characters are used; every character after them is ignored.

-1 (the digit one): an MD5-based algorithm. For more on this algorithm's code name, see "http://www.cnblogs.com/f-ck-need-u/p/7011460.html#blog222".

-apr1 (with the digit one): the Apache variant of the MD5-based algorithm. It cannot be combined with the "-1" option, because apr1 already implies MD5. The htpasswd tool generates authentication passwords this way.

-salt: adds a salt to the hash, which increases the complexity of the algorithm. Specifying the salt has a side effect, however: the same salt with the same password always produces the same result.

-in file: read the list of passwords to hash from a file

-stdin: read the password to hash from standard input

-quiet: do not print any information while generating the password

When the password is given directly on the command line, or when -salt is used, no confirmation is needed; otherwise the command prompts interactively to confirm the password.

[root@docker-01 ~]# openssl passwd 123456 ; openssl passwd 123456 
jKQ3BCZuzodcM
EZSkaSj95n/E2

The test above shows that with the default -crypt the result is random: it differs on every run. Once a salt is specified, though, the same password with the same salt gives the same result.

[root@docker-01 ~]# openssl passwd -salt 'xxx' 123456 ; openssl passwd -salt 'xxx' 123456
xxkVQ7YXT9yoE
xxkVQ7YXT9yoE

We can also see that the -crypt algorithm uses only the first two characters of the salt.

If either the first two characters of the salt or the password differ, the results differ.

[root@docker-01 ~]# openssl passwd -salt 'xyx' 123456;openssl passwd -salt 'xxx' 123456
xyJkVhXGAZ8tM
xxkVQ7YXT9yoE

Note that the default -crypt takes only the first two characters of the salt, so as long as the first two characters match, the result is the same even if the third differs.

[root@docker-01 ~]# openssl passwd -salt 'xyz' 123456 ; openssl passwd -salt 'xyy' 123456
xyJkVhXGAZ8tM
xyJkVhXGAZ8tM

Now test the MD5-based format.

[root@docker-01 ~]# openssl passwd -1 123456 ; openssl passwd -1 123456   
$1$vtq3f.as$wRQbGcKp3wHyFhC3YvsXK.
$1$aLWTn0Cu$fT/gUBtIdBwc9AwPeYAOU1

The result is visibly longer than with -crypt, and when no salt is given the output is random.

[root@docker-01 ~]# openssl passwd -1 -salt 'abcdefg' 123456 ; openssl passwd -1 -salt 'abcdefg' 123456
$1$abcdefg$a3UbImglR4PCA3x7OvwMX.
$1$abcdefg$a3UbImglR4PCA3x7OvwMX.

As can be seen, specifying a salt increases complexity but is still subject to the "same salt, same password, same result" restriction. In addition, the salt is no longer limited to two characters.

Next, generate the password used for access authentication on Apache or nginx web pages, that is, the password for the basic authentication method.

[root@docker-01 ~]# openssl passwd -apr1  123456 ; openssl passwd -apr1 123456
$apr1$f1Dc/wmN$4kR2BCaGLon3zR.Gv6qhP.
$apr1$np43/1e2$iX.QQ9Df06k7u.Q031/8./
[root@docker-01 ~]# openssl passwd -apr1 -salt 'abcdefg' 123456 ;  openssl passwd -apr1 -salt 'abcdefg' 123456
$apr1$abcdefg$PCGBZd8XFTLOgZzLLU3K00
$apr1$abcdefg$PCGBZd8XFTLOgZzLLU3K00

Likewise, specifying a salt is subject to the "same salt, same password, same result" restriction.

Passwords generated by openssl passwd can be copied directly into the /etc/shadow file, but because openssl passwd does not support sha512, the resulting password hashes are not strong enough. To generate a sha512 password you can use grub-crypt, which is a Python script; unfortunately CentOS 7 ships only grub2, and the grub-crypt command is gone.

[root@docker-01 ~]# grub-crypt --sha-512

You can use a simple Python statement instead of grub-crypt (it needs Python 3 with the crypt module, which was removed in Python 3.13).

python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw, crypt.mksalt(crypt.METHOD_SHA512)) if (pw==getpass.getpass("Confirm: ")) else exit())'

grub-crypt and the Python statement above are both interactive. For non-interactive use, modify the Python statement slightly:

python3 -c 'import crypt,getpass;pw="123456";print(crypt.crypt(pw, crypt.mksalt(crypt.METHOD_SHA512)))'
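
As an added example (not part of the original post): a small Python audit that recognises the hash layouts shown above (13-character -crypt, $1$, $apr1$) plus the $6$ sha512 layout, reports every entry that is not sha512, and flags accounts whose hashes are identical, which by the "same salt, same password, same result" rule means they share a password. The user names, the "user:hash" input layout and the $6$ entry are constructed for illustration; the other hashes are the outputs shown on this page.

```python
import re
from collections import defaultdict
B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt-style hashes
# (scheme, pattern, strong): strong is True only for sha512, the bar this page sets.
FORMATS = [
    ("crypt (DES)", re.compile(rf"^(?P<salt>{B64}{{2}}){B64}{{11}}$"), False),
    ("md5-crypt", re.compile(rf"^\$1\$(?P<salt>[^$]{{1,8}})\${B64}{{22}}$"), False),
    ("apr1", re.compile(rf"^\$apr1\$(?P<salt>[^$]{{1,8}})\${B64}{{22}}$"), False),
    ("sha512-crypt", re.compile(rf"^\$6\$(?:rounds=\d+\$)?(?P<salt>[^$]{{1,16}})\${B64}{{86}}$"), True),
]

def classify(hash_field):
    """Return (scheme, salt, strong) for one hash string, or None if unrecognised."""
    for name, pattern, strong in FORMATS:
        m = pattern.match(hash_field)
        if m:
            return name, m.group("salt"), strong
    return None

def audit(lines):
    """Audit 'user:hash[:...]' lines; report non-sha512 schemes and identical hashes."""
    findings, seen = [], defaultdict(list)
    for line in lines:
        user, _, rest = line.strip().partition(":")
        hash_field = rest.split(":", 1)[0]  # /etc/shadow has further fields
        info = classify(hash_field)
        if info is None:
            findings.append((user, "unrecognised hash format"))
            continue
        scheme, salt, strong = info
        if not strong:
            findings.append((user, f"weak scheme {scheme}, salt {salt!r}"))
        seen[hash_field].append(user)
    for users in seen.values():
        if len(users) > 1:  # same hash implies same salt and same password
            findings.append((",".join(users), "identical hash: same salt and same password"))
    return findings

# Constructed sample: made-up users; hashes are this page's outputs, erin's is a dummy.
SAMPLE = [
    "alice:xxkVQ7YXT9yoE",
    "bob:xxkVQ7YXT9yoE",
    "carol:$1$abcdefg$a3UbImglR4PCA3x7OvwMX.",
    "dave:$apr1$abcdefg$PCGBZd8XFTLOgZzLLU3K00",
    "erin:$6$constructedsalt$" + "A" * 86,
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
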

Origin www.cnblogs.com/liujunjun/p/12398634.html