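#!/usr/bin/perl
# Exercise Crypt::Eksblowfish::Bcrypt::bcrypt against known bcrypt strings:
# three inline examples, then every "<bcrypt string> <password>" pair from the
# __DATA__ section below, printing the computed and expected values and
# whether they match.
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt);

# Hash $password under $settings and print the result on one line, followed
# by the expected "$settings$expected_hash" string and a blank line, so the
# two can be compared by eye.
sub show_example {
    my ($password, $settings, $expected_hash) = @_;
    my $hashed = bcrypt($password, $settings);
    print "$hashed\n";
    print $settings . $expected_hash . "\n\n";
    return;
}

# hash identifier + cost + salt, and the hash expected for 'password'
print "\n";
show_example('password', '$2$07$abcdefghijklmnopkC2SI.', 'SY5XUDcstCvd.D7IsnwxqkBQmKD548W');

my $long_settings = '$2a$05$abcdefghijklmnopqrstuu';
my $long_hash     = '5s2v8.iXieOjg/.AySBTTZIIVFJeBui';
my $long_password = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
show_example($long_password, $long_settings, $long_hash);

# Same settings and expected hash, but the first digit of the password is
# changed: the computed hash must differ from the expected one.
my $altered_password = '1123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
show_example($altered_password, $long_settings, $long_hash);

# A bcrypt string is "$2", optional "a", "$", two cost digits, "$", the
# 22-character salt, then the hash.  Salt and hash use bcrypt's own base-64
# alphabet, [./A-Za-z0-9] (not the "+" and "\" of standard base-64).
# Everything up to and including the salt is what bcrypt() takes as SETTINGS.
my $bcrypt_re = qr{
    \A
    (?<id_salt> \$ 2 a? \$ \d{2} \$ [./A-Za-z0-9]{22} )
    (?<hash>    .* )
    \z
}x;

# Each __DATA__ line is "<bcrypt string> <password>", whitespace separated.
LINE:
while (my $line = <DATA>) {
    chomp $line;
    next LINE if $line !~ /\S/;    # ignore blank lines

    my ($checkstring, $password) = split ' ', $line;
    if (!defined $password) {
        warn "line $.: expected '<bcrypt string> <password>', skipped: $line\n";
        next LINE;
    }

    # Match rather than substitute, and bail out on a non-match: otherwise
    # $1/$2 would silently carry over from the previous line.
    if ($checkstring !~ $bcrypt_re) {
        warn "line $.: not a bcrypt string, skipped: $checkstring\n";
        next LINE;
    }
    my ($id_salt, $hash) = ($+{id_salt}, $+{hash});

    my $hashed = bcrypt($password, $id_salt);
    print "$hashed\n";
    print "$hash\n";

    # 'eq' returns at the first differing byte, which is fine for printing
    # test vectors; a real verifier should use a constant-time comparison.
    if ($hashed eq $id_salt . $hash) {
        print "matched\n\n";
    }
    else {
        print "NOT matched\n\n";
    }
}

=head1 bcrypt(PASSWORD, SETTINGS)

This is a version of "crypt" (see "crypt" in perlfunc) that implements the bcrypt algorithm. It does not implement any other hashing algorithms, so if others are desired then it is necessary to examine the algorithm prefix in SETTINGS and dispatch between more than one version of "crypt". SETTINGS must be a string which encodes the algorithm parameters, including salt. It must begin with "$2", optional "a", "$", two digits, "$", and 22 base 64 digits. The rest of the string is ignored. The presence of the optional "a" means that a NUL is to be appended to the password before it is used as a key.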
The two digits set the cost parameter. The 22 base 64 digits encode the salt. The function will "die" if SETTINGS does not have this format.

The PASSWORD is hashed according to the SETTINGS. The value returned is a string which encodes the algorithm parameters and the hash: the parameters are in the same format required in SETTINGS, and the hash is appended in the form of 31 base 64 digits. This result is suitable to be used as a SETTINGS string for input to this function: the hash part of the string is ignored on input.

=cut

# Example of what might be shown in /etc/shadow (where the password itself
# is of course not shown): you must separate off the $id_salt and compute
# the hash (id_salt + eksblowfish hash) from the right password.
__DATA__
$2$07$aba.............kC2SI.cbHK1ODT5F77pYUqRNV63bd/IDxsTXq 0
$2$07$abcdee..........kC2SI.HiVB5Ax/RkxnDF2P5lQk06NBgbF/xYO 0
$2$07$abcdefghijklmnopkC2SI.7Q0nVrcMF4umRv5Pk5vDi0GlDI.lLE. 0
$2$07$abcdefghijklmnopqrstuuAgtOGDu2Z1DC3oOn6HzhbBE811IGUYu 0
$2$07$abcdefghijklmnopkC2SI.SY5XUDcstCvd.D7IsnwxqkBQmKD548W password
$2$04$abcdefghijklmnopkC2SI.q7Yf61ne/f5tu69iU.SIM68gT3LAaYy password
$2$10$abcdefghijklmnopkC2SI./wsXFeTOFgHVzDjpY2cn9yyF85o0khS password
$2$04$......................Ns4TWVMFumL/LG8wa/FMbZnvNs.EDBi password
$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm password
$2$06$......................h9TvqYVBoV1csDZEfDS/qeQHryfT7dm password
$2$07$......................A.nYdZ8J7ihz9grv6aPNwWdqpEgHssm password
$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW U*U
$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK U*U*
$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a U*U*U
$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789