Subject: Re: command line DES/MD5 encryption
To: Jeremy C. Reed <reed@reedmedia.net>
From: John Maier <jmaier@midamerica.net>
List: netbsd-users
Date: 07/23/2003 15:07:30
> I am not sure if I understand your need.
>
> passwd(1) can use passwd.conf(5) to use a md5 "localcipher" type.
>
> As for other command-line tools to encrypt, maybe try "md5 -s whatever" or
> "echo -n whatever | openssl md5".

well example...
Using the password '4testing'

mail:/root>echo -n 4testing | openssl md5
3ba9cd281d958e6fb2d60167db87b92f

mail:/root>md5 -s 4testing
MD5 ("4testing") = 3ba9cd281d958e6fb2d60167db87b92f

However when you use the passwd command and set the password...

mail:/root>grep testing /etc/master.passwd
testing:$1$4fT3f4.S$1LEh3gouRxJouduA9vPj40:4186:50::0:0:testing:/usr/home/te
sting:/bin/sh

$1$4fT3f4.S$1LEh3gouRxJouduA9vPj40 != 3ba9cd281d958e6fb2d60167db87b92f

The man page(s) on crypt, setkey, encrypt, des_setkey, des_cipher - password
encryption
Explains about the salt, etc. and  things that go with a MD5 hash.

It's just a pain to recreate salt/hash routines (especially in Perl, sh,
csh, etc.), and I could probably have written a C program in the time spent
talking about it (the UN is my roll model) ;-) .

I figured there are other who like me are going to run into this and will
benefit from reading this and shortening other's develop time.

Perhaps it's wishful thinking that NetBSD would have a command that returns
something like:
>crpyt -t md5 -s 4testing
$1$4fT3f4.S$1LEh3gouRxJouduA9vPj40

jam