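Okay, I've spent the last few days researching this, and I believe the hashing functions Apache supports natively are outdated.
I found a few ways of doing this; these approaches are mo, mo, mo. This means that a user may have to be authenticated hundreds of times in a single session.
Has anyone managed to get Apache to use something more secure than MD5 and SHA-1 without moving authentication away from Apache? Salted SHA-2 would be a real bonus.
Thanks!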
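If you're using a GNU/Linux system with a version of glibc2 released in the last five or so years, you can modify the crypt() encryption so that "$6$" is prepended to the salt, and then it is as simple as: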
# htpasswd -d -c .htpasswd someusername
When the salt starts with "$6$", glibc2 will use salted SHA-512, with the up to 16 characters after that being the salt, in the range [a-zA-Z0-9./].
See man 3 crypt.
I'm not aware of any patches that support this scheme, but it should be simple.
EDIT: I'd also like to mention that one round of even salted SHA-512 is breakable if your attacker is determined enough. I'd recommend, and am using in most things I've been able to edit, 128000 rounds of PBKDF2 with HMAC-SHA512, but this would be a very extensive edit, unless you want to link htpasswd against openssl, which has a PKCS5_PBKDF2_HMAC() function.
EDIT 2: Also, if you're interested, here is strong hashing done using openssl:
abraxas ~ # cat pbkdf2.c
#include <string.h>
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/sha.h>

#define PBKDF2_SALT_PREFIX "$pbkdf2sha512$"
#define PBKDF2_SALT_PREFIX_LENGTH strlen(PBKDF2_SALT_PREFIX)
#define PBKDF2_PRF_ALGORITHM EVP_sha512()
#define PBKDF2_DIGEST_LENGTH SHA512_DIGEST_LENGTH
#define PBKDF2_SALT_LENGTH 32
/* prefix + salt + '$' + hex digest + terminating NUL */
#define PBKDF2_RESULT_LENGTH (PBKDF2_SALT_PREFIX_LENGTH + (2 * PBKDF2_DIGEST_LENGTH) + PBKDF2_SALT_LENGTH + 2)
#define PBKDF2_ROUNDS 128000

/* Writes "$pbkdf2sha512$<salt>$<hex digest>" into result. */
void hash_password(const char* pass, const unsigned char* salt, char* result)
{
    unsigned int i;
    static unsigned char digest[PBKDF2_DIGEST_LENGTH];

    /* Copy the prefix and the salt, then the '$' separator. */
    memcpy(result, PBKDF2_SALT_PREFIX, PBKDF2_SALT_PREFIX_LENGTH);
    memcpy(result + PBKDF2_SALT_PREFIX_LENGTH, salt, PBKDF2_SALT_LENGTH);
    result[PBKDF2_SALT_PREFIX_LENGTH + PBKDF2_SALT_LENGTH] = '$';

    /* Derive the digest with PBKDF2 using HMAC-SHA512. */
    PKCS5_PBKDF2_HMAC(pass, strlen(pass), salt, PBKDF2_SALT_LENGTH, PBKDF2_ROUNDS, PBKDF2_PRF_ALGORITHM, PBKDF2_DIGEST_LENGTH, digest);

    /* Append the digest as lowercase hex; the last sprintf adds the NUL. */
    for (i = 0; i < sizeof(digest); i++)
        sprintf(result + PBKDF2_SALT_PREFIX_LENGTH + PBKDF2_SALT_LENGTH + 1 + (i * 2), "%02x", 255 & digest[i]);
}

int main(void)
{
    char result[PBKDF2_RESULT_LENGTH];
    char pass[] = "password";
    unsigned char salt[] = "178556d2988b6f833f239cd69bc07ed3";

    printf("Computing PBKDF2(HMAC-SHA512, %s , %s , %d, %d) ...\n", pass, salt, PBKDF2_ROUNDS, PBKDF2_DIGEST_LENGTH);
    memset(result, 0, PBKDF2_RESULT_LENGTH);
    hash_password(pass, salt, result);
    printf("Result: %s\n", result);
    return 0;
}
abraxas ~ # gcc -Wall -Wextra -O3 -lssl pbkdf2.c -o pbkdf2
abraxas ~ # time ./pbkdf2
Computing PBKDF2(HMAC-SHA512, password , 178556d2988b6f833f239cd69bc07ed3 , 128000, 64) ...
Result: $pbkdf2sha512$178556d2988b6f833f239cd69bc07ed3$3acb79896ce3e623c3fac32f91d4421fe360fcdacfb96ee3460902beac26807d28aca4ed01394de2ea37b363ab86ba448286eaf21e1d5b316149c0b9886741a7
real 0m0.320s
user 0m0.319s
sys 0m0.001s
abraxas ~ #
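The verification side of the "$pbkdf2sha512$<salt>$<hex digest>" format produced above, as an added example in Python that is not part of the original answer. It assumes the salt is fed to PBKDF2 as its 32 ASCII characters, as the C program does; new_salt() and verify_password() are hypothetical helper names.

```python
import hashlib
import hmac
import os

PREFIX = "$pbkdf2sha512$"  # same prefix as the C program above
ROUNDS = 128000            # same iteration count as the C program
SALT_LEN = 32              # salt is stored as 32 ASCII characters
DIGEST_LEN = 64            # SHA-512 output size in bytes


def hash_password(password: str, salt: str) -> str:
    """Build '$pbkdf2sha512$<salt>$<hex digest>' like the C hash_password()."""
    if len(salt) != SALT_LEN or "$" in salt:
        raise ValueError("salt must be 32 characters and contain no '$'")
    digest = hashlib.pbkdf2_hmac(
        "sha512", password.encode(), salt.encode("ascii"), ROUNDS, DIGEST_LEN
    )
    return f"{PREFIX}{salt}${digest.hex()}"


def new_salt() -> str:
    """Hypothetical helper: 16 random bytes written as 32 hex characters."""
    return os.urandom(SALT_LEN // 2).hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    if not stored.startswith(PREFIX):
        return False
    salt, sep, hexdigest = stored[len(PREFIX):].partition("$")
    if not sep or len(salt) != SALT_LEN or len(hexdigest) != 2 * DIGEST_LEN:
        return False  # malformed or truncated record
    try:
        expected = hash_password(password, salt)
    except ValueError:  # also covers a non-ASCII salt
        return False
    # compare_digest avoids leaking the position of the first mismatch
    return hmac.compare_digest(expected.encode(), stored.encode())


if __name__ == "__main__":
    record = hash_password("correct horse", new_salt())  # constructed sample
    print(record)
    print(verify_password("correct horse", record))
    print(verify_password("wrong guess", record))
```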