For example under FreeBSD passwords are stored in /etc/master.passwd like this:

$1$7wtGfwgp$772bEQInetnJKUNtLM0Xt/

The password I used was "Test11". As I understand, $1$ means that it's a hashed MD5 crypt? How can one come up with the final hash "772bEQInetnJKUNtLM0Xt/" if he is aware of salt and password and uses md5sum? As I understand, it should be something like:

$ echo -n $(echo -n 7wtGfwgp)$(echo -n Test11) | md5sum

..but this doesn't quite match up. What am I doing wrong?

PS I'm asking this in order to understand the password hashing system under UNIX-like operating systems.

Martin
  • This would be a better question for http://serverfault.com (or maybe http://unix.stackexchange.com?). – ziesemer Dec 11 '11 at 03:25
  • @ziesemer Not really. A server admin might need to do this but the question is not oriented that way and I don't think it would be accepted. Unix could be OK, though I think it's fine here. – Matthew Read Dec 11 '11 at 03:55

2 Answers

I'm on Linux and I am not sure whether FreeBSD actually uses the same algorithm, but you can take a look at these sources of information (hope the same is on FreeBSD):

Based on the last page, this PHP script will produce the output you expect (given your password and salt):

<?php
$password = 'Test11';
$salt = '$1$7wtGfwgp$';
echo 'Crypt hash: ' . crypt($password, $salt) . "\n"
?>

You can do the same using e.g. Python:

import crypt

password = 'Test11'
salt = '$1$7wtGfwgp$'
print(crypt.crypt(password, salt))

based on this Python doc page:

Based on the Wikipedia article:

you can see the source of crypt function e.g. here:

As a side note, here's a nice online hash generator:

Hope this helps.

icyrock.com

Hashing and crypting are different things, even if hashing is a part of crypting ;)

So if you want to crypt it, do it like icyrock posted. md5sum (gmd5sum in FreeBSD coreutils) only creates a hash sum (RFC 1321) of some input. It does not use this hash to crypt in a further step, as (several) crypt codes do.

That's why your code gives you something completely different as a result.

Jimmy Koerting
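Added example, not part of either answer above: a pure-Python sketch of the `$1$` MD5-crypt steps using only `hashlib`, placed next to the single MD5 pass that the `md5sum` pipeline in the question computes. The function names `naive_md5`, `_to64` and `md5_crypt` are made up for this illustration; the password and salt are the ones from the question.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def naive_md5(password: str, salt: str) -> str:
    """What `echo -n salt+password | md5sum` computes: one MD5 pass, hex output."""
    return hashlib.md5((salt + password).encode()).hexdigest()

def _to64(value: int, count: int) -> str:
    """crypt's own base64 variant: 6 bits per character, least significant first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password: str, salt: str) -> str:
    pw, magic, sl = password.encode(), b"$1$", salt.encode()[:8]
    # Inner digest over password + salt + password.
    alt = hashlib.md5(pw + sl + pw).digest()
    # Outer digest: password, magic, salt, then len(pw) bytes taken from alt.
    ctx = hashlib.md5(pw + magic + sl)
    for remaining in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, remaining)])
    # One byte per bit of len(pw): NUL for a set bit, else the first password byte.
    n = len(pw)
    while n:
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    # 1000 re-hashing rounds that mix password, salt and the previous digest.
    for i in range(1000):
        rnd = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            rnd.update(sl)
        if i % 7:
            rnd.update(pw)
        rnd.update(final if i & 1 else pw)
        final = rnd.digest()
    # Emit the 16 digest bytes in crypt's permuted order: 22 characters.
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    out += _to64(final[11], 2)
    return f"$1${sl.decode()}${out}"

if __name__ == "__main__":
    print(naive_md5("Test11", "7wtGfwgp"))  # 32 hex characters
    print(md5_crypt("Test11", "7wtGfwgp"))  # $1$salt$ + 22 characters
```

The two outputs differ in both value and encoding: the single pass yields 32 hex digits, while MD5-crypt yields 22 characters from the `./0-9A-Za-z` alphabet after the 1000 rounds.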