[j-nsp] Format of SHA1 Passwords
Chris Morrow
morrowc at ops-netman.net
Tue Dec 3 12:05:47 EST 2013
On 12/03/2013 11:46 AM, Chip Marshall wrote:
> On 2013-12-03, Chris Morrow <morrowc at ops-netman.net> sent:
>>> I get things like "$sha1$19418$aoTClyGU$cix8MhZsXwG6OrwUgeHAoOA8f.AX"
>>> where it appears to have the format, some number, what I think is
>>> the salt, and then the hash.
>>>
>>> Anyone know how these things are calculated?
>>
>> we do this calculation.... I believe your intended format is:
>> $1$salt$hash
>>
>> or that seems to be what our code does.
>
> That's for MD5 passwords. I have a requirement to use SHA-1.
oh, ha! :( hrm... so, I set a passwd of 'flipfl0p!' for a user after
setting the passwd format to sha1 ... and I see:
"$sha1$19295$mROzSQ4a$SFnJ1fAbP4cHqw/16.xDV4s1LpMA"
and yea.... the format isn't as simple as:
>>> import hashlib
>>> p = 'flipfl0p!'
>>> s = 'mROzSQ4a'
>>> hashlib.sha1(p+s).hexdigest()
bummer.
More information about the juniper-nsp
mailing list