I am migrating some c code from Linux to Mac OSX (yosemite). The Mac OSX crypt() function (which is in unistd.h, as I have determined), is not the same as on gcc/gnu in Linux. I have test programs on Linux and Mac OSX, and the crypt() c-library function displays a 34-character string, if you display result using printf. The same code on the Mac OSX, displays only a 13 char string. A bit of research suggests that the difference is apparently the Linux crypt() library routine generates the hash from longer vectors on the gnu/gcc Linux side, using perhaps a different encryption algorithm. Some information also suggests that the Apple Mac OSX c-library crypt() function is only using DES to encrypt the original string plus the salt. I want to have my test code produce the same results, on both Linux and Mac OSX platforms.
Is there a proper crypt() function for Apple Mac OSX, isometric to the gnu/gcc Linux version, perhaps in some open-source encryption library?
Or is there a gnu/gcc equivalent crypt(3) function available for Apple Mac OSX somewhere in the Mac OSX development tools? (I am very new to Mac OSX). I am using the clang compiler, part of the Xcode stuff downloaded from Apple, current for Yosemite 10.10.5, and I am guessing I am not the first person to encounter this anomaly. Thanx for any info.
Ah. just a little edit: The Apple MacOSX stuff is using DES algo, hence the 13-char result, when inspecting the hash. Gnu/gcc uses MD5 algo, hence the 34-char resulting hash. This is explained here: http://www.gnu.org/savannah-checkouts/gnu/libc/manual/html_node/crypt.html#crypt My refined question then; is there a crypt(3) equivalent function for Mac OSX that uses MD5 (or SHA512) instead of DES?
(*** 2nd edit Note: This is getting interesting. DES is poor, but MD5 can be cracked in Kali Linux, using "hashcat"? Recommendation is to go to SHA512 apparently. Details on academic test/verify re. MD5 cracking are here: https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ Still, my question remains. Is there MD5 crypt(3) function for Mac OSX somewhere?? Thx.)
(Pls excuse my rank ignorance of protocol. Mac OS X LLVM/gcc based crypt() fuction is borked junk, hardwired to only use DES, a proven breakable hash, worse than MD5. (Call it with the salt string as $6$, and you will get back a 13 char DES hash. Unbelievable!) I have discovered numerous methods to create password hashes properly (ie. MD5 and SHA512) on Linux platforms (perl, python, etc.) They typically use either the "crypt" lib (same one you get using "-lcrypt" option in gcc on Linux), or "passlib" for python. But my MacBook, just updated to Yosemite 10.10.5 does not even have "passlib"! (My older Fedora box runs Python 2.5.1, current CentOS box runs Python 2.6.6. The nasty little Macbook indicates Python 2.7.10, using "python --version" command. I found this excellent post over at "ServerFault" site: https://serverfault.com/questions/330069/how-to-create-an-sha-512-hashed-password-for-shadow?newreg=df160746fbcd47878d600cbe76ec8b7f
The first python and the perl scripts work on Linux, since they are using glibc crypt(), I am guessing, but no "passlib.hash" seems to exist anywhere, Linux or Mac OS X.
How the heck can I create a decent password hash on this MacBook thing? I am a Mac OS X noob, and since I have confirmed that Apple is using SHA512 password hashes inside its .plist files, I am certain this fuctionality has to exist somewhere on this weird (but lovely) piece of alien hardware. In case one is curious, you can enter this to see your "ShadowHashData" on Yosemite, from the cmd line in terminal: (sorry, forgot reference for this, found it searching last nite, really helpful)
sudo defaults read /var/db/dslocal/nodes/Default/users/<yourusername>.plist ShadowHashData | tr -dc 0-9a-f | xxd -r -p | plutil -convert xml1 - -o -
So it looks like Darwin/Yosemite is using ok encryption. I read some Apple documentation on common-crypto stuff, but there is scant info on how to tweak your gcc to actually point to the library containing this critical stuff. When I determine how to this, I will post the answer here.
openssl passwd -1
generates an md5-compatible crypt hash. – indivcrypt
, as defined by POSIX, doesn't mandate a specific encryption algorithm: The algorithm is implementation-defined. – nwellnhof