Python MD5、SHA512(+salt)加密的问题
我试图了解 Linux 如何在 etc/shadow 文件上加密我们的密码,所以我没有一个新的虚拟“测试”用户来进行一些测试:
用户: newuser
密码: usrpw123
生成的盐: Ii4CGbr7
因此,操作系统使用 SHA512 加密系统($6$)在 etc/shadow 文件上添加以下行: newuser:$6$Ii4CGbr7$IOua8/oPV79Yp.BwzpxlSHjmCvRfTomZ .bhEvjZV2x5qhrvk82lZVrEtWQQej2pOWMdN7hvKwNgvCXKFQm5CB/:15069:0:99999:7:::
现在,我从 python 中获取 SHA512 模块并尝试执行以下操作:
import hashlib
m = hashlib.sha512()
m.update('Ii4CGbr7'+'usrpw123')
print m.hexdigest
这给出了以下哈希结果: c73156daca3e31125ce457f1343201cc8a26400b2974440af2cc72687922b48b6631d21c186796ea2756ad987a996d2b261fe9ff3af4cc81e14c3029eac5df55
如您可以看到,它与 /etc/shadow 文件中的另一个不同,我不知道为什么如果我使用相同的盐+密码来生成哈希值。
有人可以帮我解释一下为什么会发生这种情况吗?
另外,为什么 /etc/shadow 文件会生成带有一些点 (.) 的哈希值?
谢谢
I'm trying to understand how does Linux encrypt our password on the etc/shadow file, so I've dont a new virtual 'test' user to make some test:
user: newuser
password: usrpw123
Generated salt: Ii4CGbr7
So the OS makes me the following line on the etc/shadow file, using a SHA512 encryptation system ($6$): newuser:$6$Ii4CGbr7$IOua8/oPV79Yp.BwzpxlSHjmCvRfTomZ.bhEvjZV2x5qhrvk82lZVrEtWQQej2pOWMdN7hvKwNgvCXKFQm5CB/:15069:0:99999:7:::
Now, I take the SHA512 module from python and try this:
import hashlib
m = hashlib.sha512()
m.update('Ii4CGbr7'+'usrpw123')
print m.hexdigest
This gives me the following hash as a result:
c73156daca3e31125ce457f1343201cc8a26400b2974440af2cc72687922b48b6631d21c186796ea2756ad987a996d2b261fe9ff3af4cc81e14c3029eac5df55
As you can see, it's different than the other one on the /etc/shadow file, and I dont know why if I'm using the same salt+password to generate the hash.
Can someone give me a hand and explain me more or less why this happens?
And also, why does the /etc/shadow files generates a hash with some dots (.)?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
/etc/shadow 中的字段并不是按照您想象的方式构建或解释的。您需要阅读手册页详细信息,但最明显的区别是它对盐和哈希值都使用了不寻常的 Base64 编码。
The fields in /etc/shadow are not built or interpreted the way you think they are. You'll want to read the man page for details, but the most obvious difference is that it uses an unusual base64 encoding for both the salt and the hash.
/etc/shadow 中有一种生成密码哈希值的算法。
请参阅此文档以获取说明:
http://www.akkadia.org/drepper/SHA-crypt.txt
有一个实现在 python 中:
http://packages.python.org/passlib/lib/passlib.hash.sha512_crypt.html< /a>
There is an algorithm for generating the password hashes found in /etc/shadow.
See this document for an explanation:
http://www.akkadia.org/drepper/SHA-crypt.txt
There's an implementation of this in python here:
http://packages.python.org/passlib/lib/passlib.hash.sha512_crypt.html
我陷入了同样的陷阱,因为我读到的所有内容都让我相信你可以按照你写的方式检索结果。
我能够通过使用盐和密码使用 crypt.crypt()
盐来确定密码:$6$Ii4CGbr7
密码:usrpw123
并不完全使用 hashlib 库,但它可以工作。
I fell into the same trap as everything that I read lead me to believe you could retrieve the results the same way you have it written.
I was able to determine the password by using the salt and password using crypt.crypt()
salt: $6$Ii4CGbr7
password: usrpw123
doesn't exactly use the hashlib library but it works.