unix-crypt creates and checks passwords that you’d normally find in an /etc/shadow file on your UNIX box.
It’s written entirely in Ruby and has no external dependencies.
It handles:
-
DES passwords (the standard 13 character password with a 2 character salt)
-
MD5 passwords (starting with
$1$ ) -
SHA256 passwords (starting with
$5$ ) -
SHA512 passwords (starting with
$6$ )
This library is compatible with Ruby 1.8.7 and above. Tested on Ruby 2.0.0p353.
gem install unix-crypt
An executable named mkunixcrypt allows you to generate passwords from the command line.
Usage: mkunixcrypt [options]
Encrypts password using the unix-crypt gem
Options:
-h, --hash [HASH] Set hash algorithm [SHA512 (default), SHA256, MD5, DES]
-p, --password [PASSWORD] Provide password on command line (insecure!)
-s, --salt [SALT] Provide hash salt
-r, --rounds [ROUNDS] Set number of hashing rounds (SHA256/SHA512 only)
--help Show this message
-v, --version Show version
You can either validate a password of any type matches its hash:
>> require 'unix_crypt'
=> true
>> UnixCrypt.valid?("Hello world!", "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5")
=> true
Or you can generate a new hash, given a password and salt:
>> UnixCrypt::SHA256.build("Hello world!", "saltstring")
=> "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"
If a salt is not specified, one will be generated using random data:
>> UnixCrypt::SHA256.build("Hello world!")
=> "$5$v.fjb6lucDCZKjcf$90gzpr9HYo0eAeaN8rubElJdUUOcVYjTnGePBRvCgt1"
There are four classes you can use, depending on which hashing algorithm you’d like:
UnixCrypt::DES UnixCrypt::MD5 UnixCrypt::SHA256 UnixCrypt::SHA512
Licensed under the BSD license. See LICENSE file for details.
-
Roger Nesbitt ([email protected])
-
Patrick Wyatt ([email protected])