greenmoss has asked for the wisdom of the Perl Monks concerning the following question:

Hi monks,

I'm trying to generate SHA512-hashed passwords for my Linux system, but my version of the hash-generating code isn't generating the correct hashes. They *look* correct, but they don't work when I try to log in.

Relevant code bits:

use Digest::SHA qw/sha512_base64/;
$shadow = '$6$'.$salt.'$'.sha512_base64("$salt$root_pass");

[download]

What am I doing wrong?

Replies are listed 'Best First'.
Re: hashed unix/shadow SHA512 passwords
by hobbs (Monk) on Jul 21, 2009 at 23:23 UTC
    Unless you have a pressing need (like ability to run the script on a different system with a different crypt()) then don't try to do this. Instead just write something like my $shadow = crypt($root_pass, '$6$' . $salt); and you're good to go! The way that crypt() is designed it's equally good for generating or checking a hash.

    Oh, but to answer the question you actually asked, the reason is that the "SHA-512" crypt() algorithm isn't SHA-512, it's a key-derivation function using SHA-512. Likewise the "MD5" crypt algorithm isn't MD5, etc. The actual algorithm is specified here as far as I can tell, but you shouldn't worry about implementing it. Let crypt() do that for you.

[reply]
[d/l]
[select]
      Thanks; I can only vaguely remember why I needed this, but I'm sure I will stumble across this again, and will try your solution.
[reply]

Back to Seekers of Perl Wisdom