UNIX for Dummies Questions & Answers

Hi all,

I'd like to use the encryption method used to generate the /etc/shadow passwords.

The goal is to write a script that get a plain-text password as argument and returns an encrycped one.

Can you help me, please?

hai

To encrypt the password you have a function called crypt.. I have used the function in c. The prototype of the function is

char * crypt(const char * pass, const char * key);

the first argument is the password to encrypt
the second one is the key to encrypt the password
the function returns the encrypted password

example program

/* cryp.c */
#include <stdio.h>
#include <unistd.h>
#include <crypt.h>
main()
{
printf("%s\n",crypt("mypassword","B"));
}

compilation:
gcc -lcrypt cryp.c

Output:
BBVV5v7k.VS2.
returns the excrypted password of the string "mypassword" with the encryption key as B

Note: the key to encrypt will always be the first char in the output

Goodluck
Collins

It works !!! Many thanks.

A question, I've tried to run with a 1 character encryption key (e.g."X") and the output string was like "X.xxxxxxxxxxx".

To eliminate the . between key and crypted string I had to use a 2 characters key, e.g.:
"AB" -> "ABxxxxxxxxxxx"

Is this a normal behaviour?

Thanks again.

hai nisant

The length of the key should be two characters. If the user passes only one character for the key field the function puts the same character twice.

so if the key is X ,
the output would be something like
XX<remaining encrypted pass>

if the key is two char length, then the first two char of the encrypted password will be the same as that of the passed argument... Hope i am right

Have a nice time
Collins

Actually, in a call like:
printf("%s\n",crypt("mypassword","B"));

That first argument, the password to be encrypted, is called the "key". The second argument is called the "salt". The salt is required to be two characters from the set [a-zA-Z0-9./]. Calling crypt() with anything other than a properly constructed two character salt is an error. The results of such a call are undefined. One implementation may use "BB" and another "B.". Still another might return an error. So please use two character salts.

I've tried using this code:

char k[2];
char str[255];

scanf("%s",k);
scanf("%s",str);
printf("%s\n",crypt(str,k));

Entering only 1 character to k variable I verify that encrypted string begins with key character repeated twice.
Tested on Solaris and HP-UX SO.

The previous test was executed on Mac OS Linux environment, maybe there are some little differences in gcc and/or libcrypto libraries.

However, it seems I can change the password in unattended mode using a C pgm tha returns the encrypted pwd because I also verified that both the encrypted pwds returned by C pgm and passwd command are the same.

So many thanks, Collins, for your help .

Bye
nisant

Thank you, Perderabo, for specifying the possible behaviours in coding an only 1 character "salt" in crypt() call.

Bye
nisant