Using Ruby to generate SHA512 crypt-style hashes formatted for /etc/shadow?


After further research:

  • The mkpasswd command, which on Debian is in the whois package (weird):

    mkpasswd -m sha-512

  • String#crypt does actually call the platform's native crypt() call, however OSX (up to 10.6) does not include support for alternate ciphers. "password".crypt('$6$somesalt') will work on Linux platforms.

Gabe Martin-Dempesy

I am an infrastructure engineer at Zendesk with a focus in Ruby and distributed systems.

Updated on June 07, 2022
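
The String#crypt route from the answer above, as an added example that is not part of the original post: it generates a random salt, checks that the platform's crypt() really returned a `$6$` hash (the OS X case fails this check), and verifies a password against a stored hash. The helper names (`random_salt`, `native_crypt`, `shadow_hash`, `shadow_verify`) are hypothetical, and it assumes a platform whose crypt() supports SHA-512, such as Linux.

```ruby
require 'securerandom'

# crypt(3) salt alphabet: 64 characters, so (byte % 64) picks without bias.
SALT_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
# "$6$" + optional "rounds=N$" + salt (up to 16 chars) + "$" + 86-char digest.
SHA512_CRYPT = %r{\A\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}\z}

# Hypothetical helper: random salt from the OS CSPRNG.
def random_salt(length = 16)
  SecureRandom.random_bytes(length).bytes.map { |b| SALT_ALPHABET[b % 64] }.join
end

# Hypothetical helper: calls native crypt(); nil when it fails outright.
def native_crypt(password, setting)
  password.crypt(setting)
rescue SystemCallError
  nil
end

# Hypothetical helper: returns "$6$salt$digest" for the /etc/shadow password field.
def shadow_hash(password, salt = random_salt)
  hashed = native_crypt(password, '$6$' + salt)
  # A crypt() without SHA-512 support falls back to another scheme or fails,
  # so check the shape of the result instead of trusting it.
  unless hashed&.match?(SHA512_CRYPT)
    raise NotImplementedError, 'platform crypt() lacks $6$ (SHA-512) support'
  end
  hashed
end

# Hypothetical helper: re-hash with the stored string as the setting; crypt()
# reads the scheme, rounds and salt back out of it.
def shadow_verify(password, stored)
  return false unless stored.match?(SHA512_CRYPT)
  candidate = native_crypt(password, stored).to_s
  return false unless candidate.bytesize == stored.bytesize
  # OR the XOR of every byte pair together: no early exit on first mismatch.
  candidate.bytes.zip(stored.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end
```

Calling `shadow_hash('test', 'somesalt')` is the same native call as the answer's `"password".crypt('$6$somesalt')`; omitting the salt argument gives each account its own random salt.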

Comments

  • Gabe Martin-Dempesy almost 2 years

    I want to generate SHA512 hashed passwords for inclusion directly into a /etc/shadow file for use with Chef's user resource. Normally I'd go to the stdlib's Digest library for this, but it doesn't generate the hash in the right format:

    ruby-1.9.2-p136 :001 > require 'digest/sha2'
     => true 
    ruby-1.9.2-p136 :002 > Digest::SHA512.hexdigest('test')
     => "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff" 
    

    The format that the shadow file wants is:

    $6$/ShPQNXV$HJnibH9lw01qtYqyJQiBf81ggJB2BGUvKA7.kv39HGCeE.gD4C/SS9zAf5BrwOv3VJzvl99FpHYli9E8jykRC0
    

    Things I've looked at:

    • The openssl "dgst" module returns the same format as .hexdigest, and its "passwd" module doesn't include SHA512 support.
    • String#crypt, but that does not support SHA512. (edit: this is only the case on OSX - modern Linux distros will work if you specify "$6$somesalt" as the salt)
    • ruby-crypt gem, but it does not support SHA512

    For comparison, something that does return the proper format is PHP's crypt, but I'd rather not have to exec out to PHP for something that should be simple.

  • Blender about 13 years
    I'd merge this with your question.
  • c33s over 12 years
    Would be interested in a native Ruby solution: stackoverflow.com/questions/9043017/…