How does openssl decrypt a password
Solution 1
openssl crypts your password with an algorithm and a salt. If you do not provide a salt, a random one is chosen.
The salt is given in the resulting hash.
For instance:
openssl passwd -1 foo
$1$pyuddMjp$3.deTnHdrVVVLoh5zkQ0B.
where
- 1 is protocol (md5 here)
- pyuddMjp is salt
If I want to verify you know the password (i.e. foo), I need to compare the resulting hash, using the passwd option with the salt.
- with x=bar
openssl passwd -1 -salt pyuddMjp $x
$1$pyuddMjp$kNkQHWoF8WVh7Oxvae5YX1
- with x=foo
openssl passwd -1 -salt pyuddMjp $x
$1$pyuddMjp$3.deTnHdrVVVLoh5zkQ0B.
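The comparison described in Solution 1, wrapped as a function that returns a yes/no exit status (an added example, not part of the original answer). The function name `verify_passwd` and its exit codes are assumptions; it goes beyond the `-1` case on the page by also mapping the `apr1`, `5` and `6` scheme ids, and it feeds the candidate through `-stdin` so it does not appear in the process list.

```shell
#!/bin/sh
# verify_passwd STORED_HASH CANDIDATE   (hypothetical helper, not an openssl command)
# Exit status: 0 = candidate matches, 1 = no match, 2 = hash string not handled.
verify_passwd() {
    stored=$1 candidate=$2

    # A modular-crypt string has the form $<id>$<salt>$<digest>.
    rest=${stored#\$}                      # drop the leading "$"
    [ "$rest" != "$stored" ] || return 2   # no leading "$": not this format
    id=${rest%%\$*}                        # "1" in the page's example
    rest=${rest#*\$}
    salt=${rest%%\$*}                      # "pyuddMjp" in the page's example
    [ -n "$salt" ] && [ "$salt" != "$rest" ] || return 2

    # Hashes with an explicit rounds= field are not handled by this helper.
    case $salt in rounds=*) return 2 ;; esac

    # Map the scheme id to the matching openssl passwd option.
    case $id in
        1)    flag=-1 ;;
        apr1) flag=-apr1 ;;
        5)    flag=-5 ;;
        6)    flag=-6 ;;
        *)    return 2 ;;
    esac

    # Re-hash the candidate with the salt taken from the stored string.
    computed=$(printf '%s\n' "$candidate" |
        openssl passwd "$flag" -salt "$salt" -stdin 2>/dev/null) || return 2

    # Same salt + same password => same string; anything else is a mismatch.
    [ "$computed" = "$stored" ]
}

# The stored hash below is the one shown in the answer above.
if verify_passwd '$1$pyuddMjp$3.deTnHdrVVVLoh5zkQ0B.' foo; then
    echo "foo: match"
fi
verify_passwd '$1$pyuddMjp$3.deTnHdrVVVLoh5zkQ0B.' bar || echo "bar: no match"
```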
Solution 2
First of all, the openssl command is usually not used to encrypt passwords. You can read about openssl at http://en.wikipedia.org/wiki/OpenSSL
On Unix systems passwords are encrypted with a one-way hash, so there is no way to decrypt them to get back the original.
In one-way encryption the salt is usually a predetermined string or generated from the plain text version, for example the first few characters, and you will use that to regenerate the hash and compare the two.
You mentioned PHP; you can check the PHP crypt function for more information.
David Cesar Santos
Updated on September 18, 2022
Comments
-
David Cesar Santos over 1 year
I'm learning about encryption and decryption on linux and php. So I have three questions about openssl and how it generates password hashes.
1- So say I generated a password with the linux command
openssl passwd
My first observation is that every time I generate a hash, it's different! Why is that? Is it because of salt? That's my first question.
2- Now my second question is about testing this password. Say I want to test the correctness of this password and get a binary answer, whether it's correct or not. How do I do that with openssl? If my question doesn't make sense, then how is openssl passwd useful?
3- If I encrypt my password with a hash using openssl passwd, and every time there's a random salt added to it, how does openssl decrypt it (or any other program for that matter)?
Thank you.
-
David Cesar Santos over 9 years
Thank you for the response. This is helpful. But I still am wondering about how this works without the "-1" in the command. Why do I still get a different result each time?
-
Арсений Черенков over 9 years
Without the -1 option, crypt() is used; the salt is the first two characters.