useradd and crypt
David Bandel
david.bandel
Wed Oct 4 16:03:58 PDT 2006
On 10/3/06, Michael Hipp <Michael at hipp.com> wrote:
[snip]
>
> Thanks. Appears to be what I was looking for.
>
> But in playing with it, I don't understand what it's doing. When I encrypt a
> password like this:
>
> makepasswd --crypt --string abc123
>
> I get a different result on every run and none of them match what is in
> /etc/shadow for known passwords. Also tried --crypt-md5 with similar results.
> So how do you get it to match what passwd would produce so that the input to
> the useradd command would be correct for /etc/shadow?
<sigh>
You've obviously been playing with Windoze and kindergarten
cryptography for too long.
If you crypt a password 1000 times, you should get almost no repeats,
yet each hash is perfectly good and will check out correctly if used.
Crypt'ed passwords use a salt. This salt is part of the hash.
Think of it like this:
If you scramble 100 eggs, they won't all look the same (unless you
completely puree them). And while you can't unscramble eggs, if you
were to scramble them _exactly_ the same each time (which you can't),
they would, indeed, come out looking the same.
Trust me, the crypts are good. The reason this won't happen on M$
systems is they don't use a random salt, all M$ system have a static
salt, so all passwords hash the same on an M$ system. Makes it easy
to find folks using the same password on an M$ system. UNIX has never
suffered from this kind of stupidity.
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
More information about the Linux-users
mailing list