mkpasswd: improve help and remove DES support.
Just Say No™ to weak ciphers.
parent
b6979c871a
commit
8522eb3b2b
2 changed files with 47 additions and 152 deletions
|
@ -3,56 +3,36 @@ mkpasswd.c documentation
|
||||||
This is documentation for the updated mkpasswd.c included with a number
|
This is documentation for the updated mkpasswd.c included with a number
|
||||||
of ircd, irc services, and non-IRC related programs
|
of ircd, irc services, and non-IRC related programs
|
||||||
|
|
||||||
This version of mkpasswd can create DES, Extended DES, Blowfish, and MD5
|
This version of mkpasswd can create Blowfish, MD5, SHA256, and SHA512 crypted
|
||||||
passwords, with either randomly generated or user provided salts.
|
passwords, with either randomly generated or user provided salts.
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
|
-x Generate a SHA256 password
|
||||||
|
-y Generate a SHA512 password
|
||||||
-m Generate an MD5 password
|
-m Generate an MD5 password
|
||||||
-d Generate a DES password
|
|
||||||
-b Generate a Blowfish password
|
-b Generate a Blowfish password
|
||||||
-e Generate an Extended (BSDi) DES password
|
|
||||||
-l Specify a length for a random MD5 or Blowfish salt
|
-l Specify a length for a random MD5 or Blowfish salt
|
||||||
-r Specify a number of rounds for a Blowfish or Extended DES password
|
-r Specify a number of rounds for a Blowfish password
|
||||||
Blowfish: no more than 6 recommended, no less than 4 accepted
|
Default 4, no more than 6 recommended
|
||||||
Extended DES: default of 25
|
-s Specify a salt, up to 16 for MD5, SHA256, and SHA512
|
||||||
-s Specify a salt, 2 alphanumeric characters for DES, up to 16 for MD5,
|
up to 22 for Blowfish
|
||||||
up to 22 for Blowfish, 2 for Extended DES
|
|
||||||
-p Specify a plaintext password to use
|
-p Specify a plaintext password to use
|
||||||
-? Get brief help
|
-? Get brief help
|
||||||
-h Get extended help
|
-h Get extended help
|
||||||
|
|
||||||
Without the presence of any parameters, it'll behave like the old mkpasswd,
|
Without the presence of any parameters, it'll generate a SHA512 hash with a
|
||||||
creating a DES password with a randomly generated salt and prompting for
|
randomly generated salt and prompting for the password (without echo).
|
||||||
the password (without echo).
|
|
||||||
|
|
||||||
A DES salt is a pair of alphanumeric characters ('.' and '/' are permitted
|
An MD5, SHA256, and SHA512 salt consists of up to 16 alphanumeric characters
|
||||||
as well), such as 'a4' or 'Td'.
|
(plus '.' and '/'), such as 'tGd' or 'J6d4dfG'.
|
||||||
|
|
||||||
An MD5 salt consists of up to 16 (though most implementations limit you to
|
|
||||||
8) alphanumeric characters (plus '.' and '/'),
|
|
||||||
such as 'tGd' or 'J6d4dfG'.
|
|
||||||
|
|
||||||
A Blowfish salt consists of up to 22 alphanumeric characters (plus '.' and
|
A Blowfish salt consists of up to 22 alphanumeric characters (plus '.' and
|
||||||
'/'). Blowfish also specifies a number of rounds*, by default 4.
|
'/'). Blowfish also specifies a number of rounds*, by default 4.
|
||||||
|
|
||||||
Known bugs:
|
Blowfish may not always be available, but MD5, SHA256, and SHA512 are
|
||||||
The encryption algorithms supported depend on your system's crypt()
|
guaranteed to be.
|
||||||
implementation.
|
|
||||||
The maximum length of an MD5 salt is limited to your systems crypt()
|
|
||||||
implementation, typically 8.
|
|
||||||
|
|
||||||
Supported Platforms (Known and tested):
|
This program should work anywhere Charybdis does; if you find otherwise, file
|
||||||
Linux glibc (DES and MD5)
|
a bug.
|
||||||
FreeBSD 3.x (DES (MD5 maybe))
|
|
||||||
FreeBSD 4.x (DES, MD5, Blowfish, Extended DES)
|
|
||||||
Solaris 2.5-2.6 (DES only)
|
|
||||||
Cygwin 1.1.4 (DES only)
|
|
||||||
Prior Cygwin with the MD5 libcrypt (MD5 only)
|
|
||||||
OpenBSD 2.7 (don't link with -lcrypt) (DES, MD5, Blowfish)
|
|
||||||
Mac OS-X (Darwin) (don't link with -lcrypt) (DES only)
|
|
||||||
|
|
||||||
An MMK build script is included, as well as an MD5 crypt() implementation
|
|
||||||
|
|
||||||
Other systems probably work, but they haven't been amply tested.
|
|
||||||
|
|
||||||
* Blowfish's rounds parameter is a logarithm, not an integer value
|
* Blowfish's rounds parameter is a logarithm, not an integer value
|
||||||
|
|
139
tools/mkpasswd.c
139
tools/mkpasswd.c
|
@ -1,14 +1,13 @@
|
||||||
/* simple password generator by Nelson Minar (minar@reed.edu)
|
/* simple password generator by Nelson Minar (minar@reed.edu)
|
||||||
** copyright 1991, all rights reserved.
|
* copyright 1991, all rights reserved.
|
||||||
** You can use this code as long as my name stays with it.
|
* You can use this code as long as my name stays with it.
|
||||||
**
|
*
|
||||||
** md5 patch by W. Campbell <wcampbel@botbay.net>
|
* md5 patch by W. Campbell <wcampbel@botbay.net>
|
||||||
** Modernization, getopt, etc for the Hybrid IRCD team
|
* Modernization, getopt, etc for the Hybrid IRCD team
|
||||||
** by W. Campbell
|
* by W. Campbell
|
||||||
**
|
*
|
||||||
** /dev/random for salt generation added by
|
* /dev/random for salt generation added by
|
||||||
** Aaron Sethman <androsyn@ratbox.org>
|
* Aaron Sethman <androsyn@ratbox.org>
|
||||||
**
|
|
||||||
*/
|
*/
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
@ -22,20 +21,15 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define FLAG_MD5 0x00000001
|
#define FLAG_MD5 0x00000001
|
||||||
#define FLAG_DES 0x00000002
|
#define FLAG_SALT 0x00000002
|
||||||
#define FLAG_SALT 0x00000004
|
#define FLAG_PASS 0x00000004
|
||||||
#define FLAG_PASS 0x00000008
|
#define FLAG_LENGTH 0x00000008
|
||||||
#define FLAG_LENGTH 0x00000010
|
#define FLAG_BLOWFISH 0x00000010
|
||||||
#define FLAG_BLOWFISH 0x00000020
|
#define FLAG_ROUNDS 0x00000020
|
||||||
#define FLAG_ROUNDS 0x00000040
|
#define FLAG_SHA256 0x00000040
|
||||||
#define FLAG_EXT 0x00000080
|
#define FLAG_SHA512 0x00000080
|
||||||
#define FLAG_SHA256 0x00000100
|
|
||||||
#define FLAG_SHA512 0x00000200
|
|
||||||
|
|
||||||
|
|
||||||
static char *make_des_salt(void);
|
|
||||||
static char *make_ext_salt(int);
|
|
||||||
static char *make_ext_salt_para(int, char *);
|
|
||||||
static char *make_md5_salt(int);
|
static char *make_md5_salt(int);
|
||||||
static char *make_md5_salt_para(char *);
|
static char *make_md5_salt_para(char *);
|
||||||
static char *make_sha256_salt(int);
|
static char *make_sha256_salt(int);
|
||||||
|
@ -100,30 +94,22 @@ main(int argc, char *argv[])
|
||||||
char *hashed;
|
char *hashed;
|
||||||
int flag = 0;
|
int flag = 0;
|
||||||
int length = 0; /* Not Set */
|
int length = 0; /* Not Set */
|
||||||
int rounds = 0; /* Not set, since extended DES needs 25 and blowfish needs
|
int rounds = 0; /* Not set, since blowfish needs 4 by default, a side effect
|
||||||
** 4 by default, a side effect of this being the encryption
|
* of this being the encryption type parameter must be
|
||||||
** type parameter must be specified before the rounds
|
* specified before the rounds parameter.
|
||||||
** parameter.
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
while((c = getopt(argc, argv, "xymdber:h?l:s:p:")) != -1)
|
while((c = getopt(argc, argv, "xymbr:h?l:s:p:")) != -1)
|
||||||
{
|
{
|
||||||
switch (c)
|
switch (c)
|
||||||
{
|
{
|
||||||
case 'm':
|
case 'm':
|
||||||
flag |= FLAG_MD5;
|
flag |= FLAG_MD5;
|
||||||
break;
|
break;
|
||||||
case 'd':
|
|
||||||
flag |= FLAG_DES;
|
|
||||||
break;
|
|
||||||
case 'b':
|
case 'b':
|
||||||
flag |= FLAG_BLOWFISH;
|
flag |= FLAG_BLOWFISH;
|
||||||
rounds = 4;
|
rounds = 4;
|
||||||
break;
|
break;
|
||||||
case 'e':
|
|
||||||
flag |= FLAG_EXT;
|
|
||||||
rounds = 25;
|
|
||||||
break;
|
|
||||||
case 'l':
|
case 'l':
|
||||||
flag |= FLAG_LENGTH;
|
flag |= FLAG_LENGTH;
|
||||||
length = atoi(optarg);
|
length = atoi(optarg);
|
||||||
|
@ -187,45 +173,6 @@ main(int argc, char *argv[])
|
||||||
else
|
else
|
||||||
salt = make_sha256_salt(length);
|
salt = make_sha256_salt(length);
|
||||||
}
|
}
|
||||||
else if(flag & FLAG_EXT)
|
|
||||||
{
|
|
||||||
/* XXX - rounds needs to be done */
|
|
||||||
if(flag & FLAG_SALT)
|
|
||||||
{
|
|
||||||
if((strlen(saltpara) == 4))
|
|
||||||
{
|
|
||||||
salt = make_ext_salt_para(rounds, saltpara);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf("Invalid salt, please enter 4 alphanumeric characters\n");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
salt = make_ext_salt(rounds);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if (flag & FLAG_DES)
|
|
||||||
{
|
|
||||||
if(flag & FLAG_SALT)
|
|
||||||
{
|
|
||||||
if((strlen(saltpara) == 2))
|
|
||||||
{
|
|
||||||
salt = saltpara;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf("Invalid salt, please enter 2 alphanumeric characters\n");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
salt = make_des_salt();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if(length == 0)
|
if(length == 0)
|
||||||
|
@ -262,15 +209,6 @@ main(int argc, char *argv[])
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *
|
|
||||||
make_des_salt()
|
|
||||||
{
|
|
||||||
static char salt[3];
|
|
||||||
generate_random_salt(salt, 2);
|
|
||||||
salt[2] = '\0';
|
|
||||||
return salt;
|
|
||||||
}
|
|
||||||
|
|
||||||
char *
|
char *
|
||||||
int_to_base64(int value)
|
int_to_base64(int value)
|
||||||
{
|
{
|
||||||
|
@ -289,26 +227,6 @@ int_to_base64(int value)
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *
|
|
||||||
make_ext_salt(int rounds)
|
|
||||||
{
|
|
||||||
static char salt[10];
|
|
||||||
|
|
||||||
sprintf(salt, "_%s", int_to_base64(rounds));
|
|
||||||
generate_random_salt(&salt[5], 4);
|
|
||||||
salt[9] = '\0';
|
|
||||||
return salt;
|
|
||||||
}
|
|
||||||
|
|
||||||
char *
|
|
||||||
make_ext_salt_para(int rounds, char *saltpara)
|
|
||||||
{
|
|
||||||
static char salt[10];
|
|
||||||
|
|
||||||
sprintf(salt, "_%s%s", int_to_base64(rounds), saltpara);
|
|
||||||
return salt;
|
|
||||||
}
|
|
||||||
|
|
||||||
char *
|
char *
|
||||||
make_md5_salt_para(char *saltpara)
|
make_md5_salt_para(char *saltpara)
|
||||||
{
|
{
|
||||||
|
@ -499,19 +417,16 @@ generate_random_salt(char *salt, int length)
|
||||||
void
|
void
|
||||||
full_usage()
|
full_usage()
|
||||||
{
|
{
|
||||||
printf("mkpasswd [-m|-d|-b|-e] [-l saltlength] [-r rounds] [-s salt] [-p plaintext]\n");
|
printf("mkpasswd [-m|-b|-x|-y] [-l saltlength] [-r rounds] [-s salt] [-p plaintext]\n");
|
||||||
printf("-x Generate a SHA256 password\n");
|
printf("-x Generate a SHA256 password\n");
|
||||||
printf("-y Generate a SHA512 password\n");
|
printf("-y Generate a SHA512 password\n");
|
||||||
printf("-m Generate an MD5 password\n");
|
printf("-m Generate an MD5 password\n");
|
||||||
printf("-d Generate a DES password\n");
|
|
||||||
printf("-b Generate a Blowfish password\n");
|
printf("-b Generate a Blowfish password\n");
|
||||||
printf("-e Generate an Extended DES password\n");
|
|
||||||
printf("-l Specify a length for a random MD5 or Blowfish salt\n");
|
printf("-l Specify a length for a random MD5 or Blowfish salt\n");
|
||||||
printf("-r Specify a number of rounds for a Blowfish or Extended DES password\n");
|
printf("-r Specify a number of rounds for a Blowfish password\n");
|
||||||
printf(" Blowfish: default 4, no more than 6 recommended\n");
|
printf(" Default 4, no more than 6 recommended\n");
|
||||||
printf(" Extended DES: default 25\n");
|
printf("-s Specify a salt, up to 16 for MD5, SHA256, and SHA512\n");
|
||||||
printf("-s Specify a salt, 2 alphanumeric characters for DES, up to 16 for MD5,\n");
|
printf(" up to 22 for Blowfish\n");
|
||||||
printf(" up to 22 for Blowfish, and 4 for Extended DES\n");
|
|
||||||
printf("-p Specify a plaintext password to use\n");
|
printf("-p Specify a plaintext password to use\n");
|
||||||
printf("Example: mkpasswd -m -s 3dr -p test\n");
|
printf("Example: mkpasswd -m -s 3dr -p test\n");
|
||||||
exit(0);
|
exit(0);
|
||||||
|
@ -521,8 +436,8 @@ void
|
||||||
brief_usage()
|
brief_usage()
|
||||||
{
|
{
|
||||||
printf("mkpasswd - password hash generator\n");
|
printf("mkpasswd - password hash generator\n");
|
||||||
printf("Standard DES: mkpasswd [-d] [-s salt] [-p plaintext]\n");
|
printf(" SHA512: mkpasswd [-y] [-l saltlength] [-s salt] [-p plaintext]\n");
|
||||||
printf("Extended DES: mkpasswd -e [-r rounds] [-s salt] [-p plaintext]\n");
|
printf(" SHA256: mkpasswd -x [-l saltlength] [-s salt] [-p plaintext]\n");
|
||||||
printf(" MD5: mkpasswd -m [-l saltlength] [-s salt] [-p plaintext]\n");
|
printf(" MD5: mkpasswd -m [-l saltlength] [-s salt] [-p plaintext]\n");
|
||||||
printf("Blowfish: mkpasswd -b [-r rounds] [-l saltlength] [-s salt]\n");
|
printf("Blowfish: mkpasswd -b [-r rounds] [-l saltlength] [-s salt]\n");
|
||||||
printf(" [-p plaintext]\n");
|
printf(" [-p plaintext]\n");
|
||||||
|
|
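Review bot: The reworded `-r` help in full_usage() still prints `Default 4, no more than 6 recommended`, and `case 'b':` in main() still sets `rounds = 4`. The accompanying documentation says the Blowfish rounds value is a logarithm and the old text gave 4 as the lowest accepted value, so the tool defaults to the cheapest setting and advises users to stay near it. For a commit whose purpose is dropping weak hashes, I would reword the line to something like `printf("   Default 4; higher values are slower to compute and slower to brute-force\n");` and consider raising the default in a follow-up. The example kept on the new side, `mkpasswd -m -s 3dr -p test`, also still demonstrates MD5 with the plaintext passed on the command line; `mkpasswd -y` would match the new SHA512 default and the no-echo prompt. Both main() and full_usage() extend beyond the hunks shown, so the default may be handled elsewhere.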