Which is the encryption method used on /etc/shadow?
Use the crypt(3) function. On glibc, the method used depends on the salt. If it starts with:
- $1$: it uses MD5.
- $5$: it uses SHA-256.
- $6$: it uses SHA-512.
- $2a$: it uses Blowfish, not supported everywhere.
- Otherwise it uses DES.
Multiple encryption methods are available in glibc; see man 3 crypt, the Glibc Notes section: http://manpages.courier-mta.org/htmlman3/crypt.3.html
When verifying an existing password, just pass the encrypted form as salt; only the initial $id$salt part will be used. When creating a new password, initialize id with whatever you need and put some random characters in salt.
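Basic example with crypt():
```c
#include <stdio.h>
#include <stdlib.h>
#include <crypt.h>   /* declares crypt() on glibc */

#define MAX_STR 256
#define MAX_SALT 32  /* room for "$6$" plus 16 salt characters */

int main(int argc, char *argv[]) {
    char password[MAX_STR];
    char salt[MAX_SALT];
    char *hash;

    /* Field widths keep scanf from writing past the buffers. */
    printf("salt: ");
    if (scanf("%31s", salt) != 1) return EXIT_FAILURE;
    printf("password: ");
    if (scanf("%255s", password) != 1) return EXIT_FAILURE;

    /* crypt() returns NULL when the salt is not accepted. */
    hash = crypt(password, salt);
    if (hash == NULL) { perror("crypt"); return EXIT_FAILURE; }
    printf("Encrypt '%s' : '%s'\n", password, hash);
    return EXIT_SUCCESS;
}
```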
Compile program:
$ gcc test.c -lcrypt
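
An added example, not part of the original answers: a small C parser that applies the prefix rules listed above to a password field from /etc/shadow and extracts the `$id$salt` part that crypt() reads when verifying, which is useful for spotting accounts still on MD5 or DES. The function names, the handling of a leading `!` (locked password, per shadow(5)) and of the optional `rounds=N$` parameter of the SHA methods, and the sample fields are assumptions or constructed values that are not on the page.

```c
#include <stdio.h>
#include <string.h>

/* Name the method for a shadow password field, using the prefixes listed above. */
const char *shadow_method(const char *f) {
    while (*f == '!') f++;              /* assumption from shadow(5): '!' marks a locked password */
    if (*f == '\0' || *f == '*') return "none";   /* no usable hash in the field */
    if (!strncmp(f, "$1$", 3))  return "MD5";
    if (!strncmp(f, "$5$", 3))  return "SHA-256";
    if (!strncmp(f, "$6$", 3))  return "SHA-512";
    if (!strncmp(f, "$2a$", 4)) return "Blowfish";
    return "DES";
}

/* Copy the "$id$salt" part of a complete hash field into out.
   Returns its length, or -1 if the field holds no hash or out is too small. */
int shadow_setting(const char *f, char *out, size_t outlen) {
    const char *m = shadow_method(f);
    size_t n;
    while (*f == '!') f++;
    if (!strcmp(m, "none")) return -1;
    if (!strcmp(m, "DES")) n = 2;                 /* two salt characters */
    else if (!strcmp(m, "Blowfish")) n = 29;      /* "$2a$NN$" plus 22 salt characters */
    else n = (size_t)(strrchr(f, '$') - f);       /* up to the '$' before the hash; keeps rounds=N */
    if (strlen(f) < n || n + 1 > outlen) return -1;
    memcpy(out, f, n);
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    /* Constructed sample fields; the hash parts are placeholders, not real hashes. */
    const char *samples[] = {
        "$6$Zq3kVn8t$HASHPLACEHOLDER", "!$1$abcdefgh$HASHPLACEHOLDER",
        "$5$rounds=5000$saltsalt$HASHPLACEHOLDER", "abXXXXXXXXXXX", "*" };
    char setting[64];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int n = shadow_setting(samples[i], setting, sizeof setting);
        printf("%-42s %-8s %s\n", samples[i], shadow_method(samples[i]), n < 0 ? "-" : setting);
    }
    return 0;
}
```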