Creating glibc 2.7 style Sha-512 crypt hashes in Perl

So, I have a website that reads/verifies (and writes) password hashes from the database, and I have something that makes SHA-512 style password hashes for that, ones that look like:

$6$GloHensinmyampOc$AxvlkxxXk36oDOyu8phBzbCfLn8hyWgoYNEuqNS.3dHf4JJrwlYCqha/g6pA7HJ1WwsADjWU4Qz8MfSWM2w6F.

The website is Java-based, so I wrote a SHA-512 hasher for it. Trouble is, there are a bunch of Perl cron jobs that run that also need to verify password hashes occasionally to the database, and since those run on a Solaris box, its crypt doesn't support the $6$ format.

So, when I do:

printf("crypt => '%s'\n",crypt("Hello",'$1$CygnieHyitJoconf$'));

I get back sensibly:

crypt => '$1$CygnieHy$n9MlDleP0qmGCfpbnVYy11'

Whereas, if I do

printf("crypt => '%s'\n",crypt("Hello",'$6$CygnieHyitJoconf$'));

I get an unhelpful

crypt => ''

Is there a way to get the SHA-512 password hashes in Perl on a box that isn't using glibc? (That's what I get told when I do a search mostly: "use crypt".)

I'd really rather not re-implement SHA-512 password hashes in Perl.

Thanks!

bnsh asked Jun 13 '12 14:06


2 Answers

Actually, I think I just found my own answer: Crypt::Passwd::XS

Crypt::Passwd::XS - Full XS implementation of common crypt() algorithms

It does unix_md5, apache_md5, unix_des, unix_sha256 and unix_sha512. I guess it's a little unfortunate that it doesn't do blowfish. But, nevertheless, it solves my problem! Thanks @hobbs anyway tho!

use strict;
use Crypt::Passwd::XS;

{
        printf("crypt => %s\n",Crypt::Passwd::XS::crypt("Hello",'$6$CygnieHyitJoconf$'));
}

Now returns

crypt => $6$CygnieHyitJoconf$vkGJm.nLrFhyWHhNTvOh9fH/k7y6k.8ed.N7TqwT93hPMPfAOUsrRiO3MmQB5xTm1XDCVlW2zwyzU48epp8pY/

as expected!

bnsh answered Sep 21 '22 04:09
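Added example, not part of the original answer: one way a cron job could verify a stored `$6$` hash with `Crypt::Passwd::XS::crypt`, failing closed on an empty result like the one the system `crypt` returns in the question. The helper names `ct_eq` and `verify_password` are hypothetical, and the prefix allow-list (`$1$` and `$6$`, no `rounds=` field) is an assumption about which hashes the database holds.

```perl
use strict;
use warnings;
use Crypt::Passwd::XS ();

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# $stored is the full hash string from the database; crypt() reads the
# scheme prefix and salt from it, so it is also passed as the second argument.
sub verify_password {
    my ($password, $stored) = @_;
    return 0 unless defined $password && defined $stored;

    # Allow-list (assumption): only $1$ (MD5) and $6$ (SHA-512) hashes with a
    # 1-16 character salt. Anything else, including a rounds= field, is
    # rejected here rather than handed to crypt().
    return 0 unless $stored =~ m{\A\$(?:1|6)\$[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]+\z};

    my $computed = Crypt::Passwd::XS::crypt($password, $stored);

    # Fail closed if nothing usable comes back; an empty string must never
    # be treated as a match.
    return 0 unless defined $computed && length $computed;

    return ct_eq($computed, $stored);
}

# The $6$ hash quoted in the answer above for the password "Hello".
my $stored = '$6$CygnieHyitJoconf$vkGJm.nLrFhyWHhNTvOh9fH/k7y6k.8ed.N7TqwT93hPMPfAOUsrRiO3MmQB5xTm1XDCVlW2zwyzU48epp8pY/';

printf("correct password: %s\n", verify_password('Hello', $stored) ? 'match' : 'no match');
printf("wrong password:   %s\n", verify_password('hello', $stored) ? 'match' : 'no match');
# Constructed value with a prefix outside the allow-list.
printf("unknown prefix:   %s\n", verify_password('Hello', '$9$abc$def') ? 'match' : 'no match');
```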


Unfortunately not. crypt will be your system libc crypt, which is responsible for choosing algorithms and mapping prefix strings to algorithms. If you want access to algorithms that aren't in your system crypt then you'll need to use a re-implementation of them, and in the case of the libc ones, I don't know of any reimplementations. glibc's "SHA-512" password hash isn't simply SHA-512; it's a custom algorithm that doesn't exist outside of glibc that I know of. If you still have a chance, you might want to change to an algorithm like bcrypt or PBKDF-SHA-2 that has multiple implementations in different languages.

hobbs answered Sep 23 '22 04:09