more documentation...

2016-12-27 15:25:56 -05:00
parent 2094cf4f1f
commit d0d8105db3
14 changed files with 184 additions and 45 deletions

@@ -50,7 +50,22 @@ That said, there are utilities in `extra/bin/` that should generate a salted has
The password `test` was used above. In `crypt(3)`-salted hashes, there are specific sections separated by USD dollar symbols (`$`). The first section (containing `6`) marks the *hash algorithm* -- in this case, _SHA512_. (The http://man7.org/linux/man-pages/man3/crypt.3.html#NOTES[crypt man page^] mentions all supported hash types and their corresponding ID.) The next section, `t92Uvm1ETLocDb1D`, is the *salt*. The last section is the *hash*. How salted hashes work is an original piece of data is given (in our case, the word `test`). This data is then sent through a one-way cryptographic process that generates a new string that makes it difficult to know what the original data was. THEN a salt is added- a random string- and the process repeats. In our format, this is done _5000_ times in a row. When you log in with your password, the salt is fetched and the same process is done again- predictably, the data that process goes through should then match the salted hash string stored in the password system (in this case, the https://linux.die.net/man/5/shadow[`/etc/shadow`] file).
Whew! Got all that? Good.
There are other ways to generate the salted hash as well. These include:
==== Debian's `mkpasswd` Utility
Part of the https://packages.debian.org/jessie/whois[whois^] package, available in the AUR as https://aur.archlinux.org/packages/debian-whois-mkpasswd/[debian-whois-mkpasswd^].
mkpasswd --method=sha-512 <password>
==== Perl
The following Perl one-liner will generate a salted hash string (using the salt `aBcDeFgHiJ`):
perl -e 'print crypt("PASSWORD","\$6\$aBcDeFgHiJ\$") . "\n"'
==== `grub-crypt`
Legacy GRUB ("GRUB v1") includes `grub-crypt`, which will let you generate a salted hash:
/sbin/grub-crypt --sha-512
=== Escaping the Salted Hash
One last thing, and this is *very* important -- failure to perform this step will cause all sorts of strange Python errors -- is to escape the salted hash. Thankfully, however, this is a lot easier than it sounds.
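Review bot: In the `mkpasswd` and Perl sections, the examples put the plaintext password on the command line (`mkpasswd --method=sha-512 <password>` and `crypt("PASSWORD",...)`), where it ends up in shell history and is visible in the process list while the command runs. Suggest showing `mkpasswd --method=sha-512` without the argument, since it prompts for the password when none is given, and saying so in the text. The Perl one-liner also hard-codes the salt `aBcDeFgHiJ`; readers who copy it verbatim will all share that salt, so add a sentence telling them to substitute a random string of their own. Separately, in the explanatory paragraph, "THEN a salt is added ... and the process repeats" reads as if the salt is applied after a first unsalted pass; in the `$6$` scheme the salt is mixed in with the password from the start, so that sentence should be reworded.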