
I am writing a password reset utility on AIX (7.1.0.0) and I need to support the SMD5, SSHA256, SSHA512 and BLOWFISH password hash algorithms. I have successfully implemented the code for SMD5, SSHA256 and SSHA512. However, for the BLOWFISH algorithm the 'crypt' API still returns a normal DES hash and not the BLOWFISH hash. I tried different prefixes in the salt value: `{sblowfish}`, `{sblowfish}08$`, `{SBLOWFISH}`, `{SBLOWFISH}08$`. However, I still don't get a blowfish hash. For AIX 5.3 the `{sblowfish}` prefix in the salt value works and I get the required hash. However, for AIX 7.1 it doesn't work.

The format for the salt value I am using is as follows:

    MD5      - {smd5}<randomly generated 8 characters>$
    SHA256   - {ssha256}06$<randomly generated 8 characters>$
    SHA512   - {ssha512}06$<randomly generated 8 characters>$
    BLOWFISH - {sblowfish}08$<randomly generated 22 characters>$

I then pass the user password and salt value to the 'crypt' API in 'C'.

    crypt(password, salt);

For MD5, SHA256 and SHA512 I get the password hash which is compliant with the corresponding algorithm. However, for the BLOWFISH salt, the 'crypt' API rejects the salt and instead returns a normal DES hash, though I have blowfish in the system.

Can anybody please help out here? Thanks in advance.

user1915016
  • I'm not sure if the crypt tool has the same requirements as the PHP implementation (which calls the tool), but there the salt must be of a given alphabet: `./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`. A valid salt parameter would look like `$2y$10$nOUIs5kJ7naTuTFkBy1veu`, containing the algorithm, the cost factor and the salt. – martinstoeckli Aug 27 '14 at 08:32
  • Yes, it is the same salt char set applicable for the C crypt() API as well. I have provided the same. – user1915016 Aug 27 '14 at 09:07
  • Could you try out this call `crypt("mypassword", "$2y$10$nOUIs5kJ7naTuTFkBy1veu")` directly? Does it give the same error? – martinstoeckli Aug 27 '14 at 09:24
  • Yes, I tried the salt provided by you. Still the crypt() API returns a normal DES hash. I think the '2y' prefix is for SUSE. – user1915016 Aug 27 '14 at 09:59
  • Then it seems that it is not supported at all. You can try if "2a" is supported (also BCrypt), otherwise I'm out of ideas. – martinstoeckli Aug 27 '14 at 10:01
  • I have tried '2a' as well but the result is no different. Also looks like bcrypt() API is not available on AIX7.1. – user1915016 Aug 27 '14 at 10:07
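
A guard for the situation described in the question, where `crypt()` silently returns a DES hash for a salt it does not accept, so a reset utility can refuse to store the weaker hash. This is an added example, not code from the original post: `check_crypt_result` and its result codes are hypothetical names, the sample strings are constructed, and it assumes a successful hash begins with the same `{scheme}` tag as the salt.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet of the hash part of a traditional DES crypt() result. */
static const char DES_SET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

enum hash_check { HASH_OK, HASH_DES_FALLBACK, HASH_MISMATCH, HASH_ERROR };

/* A DES result is 13 characters: a 2-character salt field plus 11 hash
 * characters. Only the 11 are checked against the alphabet, because an
 * implementation handed a non-DES salt may echo it in the salt field. */
static int looks_like_des(const char *h)
{
    return strlen(h) == 13 && strspn(h + 2, DES_SET) == 11;
}

/* Compare the "{scheme}" tag requested in the salt with what crypt()
 * returned (assumption: success means the result starts with that tag). */
enum hash_check check_crypt_result(const char *salt, const char *hash)
{
    const char *end;
    size_t taglen;

    if (salt == NULL || hash == NULL || salt[0] != '{')
        return HASH_ERROR;
    end = strchr(salt, '}');
    if (end == NULL)
        return HASH_ERROR;
    taglen = (size_t)(end - salt) + 1;   /* tag length including braces */
    if (strncmp(hash, salt, taglen) == 0)
        return HASH_OK;
    return looks_like_des(hash) ? HASH_DES_FALLBACK : HASH_MISMATCH;
}

int main(void)
{
    /* Constructed sample values, not real crypt() output. */
    const char *salt = "{sblowfish}08$abcdefghijklmnopqrstuv$";
    const char *returned = "{sQ9vT2mLx0aB";   /* 13-character DES-style result */

    if (check_crypt_result(salt, returned) != HASH_OK) {
        fprintf(stderr, "crypt() did not honour the requested scheme; "
                        "refusing to store this hash\n");
        return 1;
    }
    puts("hash uses the requested scheme");
    return 0;
}
```

In a real utility the second argument would be the pointer returned by `crypt(password, salt)`, checked before anything is written to the password store.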

0 Answers