使用ruby生成SHA512 crypt样式哈希格式化为/ etc / shadow? [英] Using ruby to generate SHA512 crypt-style hashes formatted for /etc/shadow?
问题描述
我想生成SHA512散列的密码直接包含在/ etc / shadow文件中,以便与厨师的用户资源。通常我会去stdlib的 Digest 库,但它不会以正确的格式生成哈希:
I want to generate SHA512 hashed passwords for inclusion directly into a /etc/shadow file for use with chef's user resource. Normally I'd go to the stdlib's Digest library for this, but it doesn't generate the hash in the right format:
ruby-1.9.2-p136 :001 > require 'digest/sha2'
=> true
ruby-1.9.2-p136 :002 > Digest::SHA512.hexdigest('test')
=> "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff"
影子文件需要的格式是:
The format that the shadow file wants is:
$6$/ShPQNXV$HJnibH9lw01qtYqyJQiBf81ggJB2BGUvKA7.kv39HGCeE.gD4C/SS9zAf5BrwOv3VJzvl99FpHYli9E8jykRC0
我看过的东西:
- openssldgst模块返回与.hexdigest相同的格式,它的passwd模块不包括SHA512支持。
- String#crypt,但不支持SHA512。 (编辑:这只是在OSX上的情况 - 如果您指定$ 6 $ somesalt作为盐),现代Linux发行版将工作。
- ruby-crypt gem,但它不支持SHA512
- The openssl "dgst" module returns the same format as .hexdigest, and its "passwd" module doesn't include SHA512 support.
- String#crypt, but that does not support SHA512. (edit: this is only the case on OSX - modern Linux distros will work if you specify "$6$somesalt" as the salt)
- ruby-crypt gem, but it does not support SHA512
比较,确实返回正确格式的是PHP的 crypt ,但我宁可不必执行对于PHP应该是简单的。
For comparison, something that does return the proper format is PHP's crypt, but I'd rather not have to exec out to PHP for something that should be simple.
推荐答案
进一步研究后:
-
mkpasswd命令,其中debian是
whois包(奇怪):
mkpasswd -m sha-512
mkpasswd -m sha-512
String#crypt实际上调用平台的本机crypt()调用,但OSX(最多10.6)不包括对替代密码的支持。 password.crypt('$ 6 $ somesalt')将在Linux平台上运行。
String#crypt does actually call the platform's native crypt() call, however OSX (up to 10.6) does not include support for alternate ciphers. "password".crypt('$6$somesalt') will work on Linux platforms.
这篇关于使用ruby生成SHA512 crypt样式哈希格式化为/ etc / shadow?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
