0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-25 16:22:35 +01:00

mkpasswd: improve help and remove DES support.

Just Say No™ to weak ciphers.
This commit is contained in:
Elizabeth Myers 2016-03-21 09:12:59 -05:00
parent b6979c871a
commit 8522eb3b2b
2 changed files with 47 additions and 152 deletions

View file

@ -3,56 +3,36 @@ mkpasswd.c documentation
This is documentation for the updated mkpasswd.c included with a number
of ircd, irc services, and non-IRC related programs
This version of mkpasswd can create DES, Extended DES, Blowfish, and MD5
This version of mkpasswd can create Blowfish, MD5, SHA256, and SHA512 crypted
passwords, with either randomly generated or user provided salts.
Options:
-x Generate a SHA256 password
-y Generate a SHA512 password
-m Generate an MD5 password
-d Generate a DES password
-b Generate a Blowfish password
-e Generate an Extended (BSDi) DES password
-l Specify a length for a random MD5 or Blowfish salt
-r Specify a number of rounds for a Blowfish or Extended DES password
Blowfish: no more than 6 recommended, no less than 4 accepted
Extended DES: default of 25
-s Specify a salt, 2 alphanumeric characters for DES, up to 16 for MD5,
up to 22 for Blowfish, 2 for Extended DES
-r Specify a number of rounds for a Blowfish password
Default 4, no more than 6 recommended
-s Specify a salt, up to 16 for MD5, SHA256, and SHA512
up to 22 for Blowfish
-p Specify a plaintext password to use
-? Get brief help
-h Get extended help
Without the presence of any parameters, it'll behave like the old mkpasswd,
creating a DES password with a randomly generated salt and prompting for
the password (without echo).
Without the presence of any parameters, it'll generate a SHA512 hash with a
randomly generated salt and prompting for the password (without echo).
A DES salt is a pair of alphanumeric characters ('.' and '/' are permitted
as well), such as 'a4' or 'Td'.
An MD5 salt consists of up to 16 (though most implementations limit you to
8) alphanumeric characters (plus '.' and '/'),
such as 'tGd' or 'J6d4dfG'.
An MD5, SHA256, and SHA512 salt consists of up to 16 alphanumeric characters
(plus '.' and '/'), such as 'tGd' or 'J6d4dfG'.
A Blowfish salt consists of up to 22 alphanumeric characters (plus '.' and
'/'). Blowfish also specifies a number of rounds*, by default 4.
Known bugs:
The encryption algorithms supported depend on your system's crypt()
implementation.
The maximum length of an MD5 salt is limited to your systems crypt()
implementation, typically 8.
Blowfish may not always be available, but MD5, SHA256, and SHA512 are
guaranteed to be.
Supported Platforms (Known and tested):
Linux glibc (DES and MD5)
FreeBSD 3.x (DES (MD5 maybe))
FreeBSD 4.x (DES, MD5, Blowfish, Extended DES)
Solaris 2.5-2.6 (DES only)
Cygwin 1.1.4 (DES only)
Prior Cygwin with the MD5 libcrypt (MD5 only)
OpenBSD 2.7 (don't link with -lcrypt) (DES, MD5, Blowfish)
Mac OS-X (Darwin) (don't link with -lcrypt) (DES only)
This program should work anywhere Charybdis does; if you find otherwise, file
a bug.
An MMK build script is included, as well as an MD5 crypt() implementation
Other systems probably work, but they haven't been amply tested.
* Blowfish's rounds parameter is a logarithm, not an integer value
* Blowfish's rounds parameter is a logarithm, not an integer value

View file

@ -1,15 +1,14 @@
/* simple password generator by Nelson Minar (minar@reed.edu)
** copyright 1991, all rights reserved.
** You can use this code as long as my name stays with it.
**
** md5 patch by W. Campbell <wcampbel@botbay.net>
** Modernization, getopt, etc for the Hybrid IRCD team
** by W. Campbell
**
** /dev/random for salt generation added by
** Aaron Sethman <androsyn@ratbox.org>
**
*/
* copyright 1991, all rights reserved.
* You can use this code as long as my name stays with it.
*
* md5 patch by W. Campbell <wcampbel@botbay.net>
* Modernization, getopt, etc for the Hybrid IRCD team
* by W. Campbell
*
* /dev/random for salt generation added by
* Aaron Sethman <androsyn@ratbox.org>
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@ -22,20 +21,15 @@
#endif
#define FLAG_MD5 0x00000001
#define FLAG_DES 0x00000002
#define FLAG_SALT 0x00000004
#define FLAG_PASS 0x00000008
#define FLAG_LENGTH 0x00000010
#define FLAG_BLOWFISH 0x00000020
#define FLAG_ROUNDS 0x00000040
#define FLAG_EXT 0x00000080
#define FLAG_SHA256 0x00000100
#define FLAG_SHA512 0x00000200
#define FLAG_SALT 0x00000002
#define FLAG_PASS 0x00000004
#define FLAG_LENGTH 0x00000008
#define FLAG_BLOWFISH 0x00000010
#define FLAG_ROUNDS 0x00000020
#define FLAG_SHA256 0x00000040
#define FLAG_SHA512 0x00000080
static char *make_des_salt(void);
static char *make_ext_salt(int);
static char *make_ext_salt_para(int, char *);
static char *make_md5_salt(int);
static char *make_md5_salt_para(char *);
static char *make_sha256_salt(int);
@ -100,30 +94,22 @@ main(int argc, char *argv[])
char *hashed;
int flag = 0;
int length = 0; /* Not Set */
int rounds = 0; /* Not set, since extended DES needs 25 and blowfish needs
** 4 by default, a side effect of this being the encryption
** type parameter must be specified before the rounds
** parameter.
int rounds = 0; /* Not set, since blowfish needs 4 by default, a side effect
* of this being the encryption type parameter must be
* specified before the rounds parameter.
*/
while((c = getopt(argc, argv, "xymdber:h?l:s:p:")) != -1)
while((c = getopt(argc, argv, "xymbr:h?l:s:p:")) != -1)
{
switch (c)
{
case 'm':
flag |= FLAG_MD5;
break;
case 'd':
flag |= FLAG_DES;
break;
case 'b':
flag |= FLAG_BLOWFISH;
rounds = 4;
break;
case 'e':
flag |= FLAG_EXT;
rounds = 25;
break;
case 'l':
flag |= FLAG_LENGTH;
length = atoi(optarg);
@ -187,45 +173,6 @@ main(int argc, char *argv[])
else
salt = make_sha256_salt(length);
}
else if(flag & FLAG_EXT)
{
/* XXX - rounds needs to be done */
if(flag & FLAG_SALT)
{
if((strlen(saltpara) == 4))
{
salt = make_ext_salt_para(rounds, saltpara);
}
else
{
printf("Invalid salt, please enter 4 alphanumeric characters\n");
exit(1);
}
}
else
{
salt = make_ext_salt(rounds);
}
}
else if (flag & FLAG_DES)
{
if(flag & FLAG_SALT)
{
if((strlen(saltpara) == 2))
{
salt = saltpara;
}
else
{
printf("Invalid salt, please enter 2 alphanumeric characters\n");
exit(1);
}
}
else
{
salt = make_des_salt();
}
}
else
{
if(length == 0)
@ -262,15 +209,6 @@ main(int argc, char *argv[])
return 0;
}
static char *
make_des_salt()
{
static char salt[3];
generate_random_salt(salt, 2);
salt[2] = '\0';
return salt;
}
char *
int_to_base64(int value)
{
@ -289,26 +227,6 @@ int_to_base64(int value)
return buf;
}
char *
make_ext_salt(int rounds)
{
static char salt[10];
sprintf(salt, "_%s", int_to_base64(rounds));
generate_random_salt(&salt[5], 4);
salt[9] = '\0';
return salt;
}
char *
make_ext_salt_para(int rounds, char *saltpara)
{
static char salt[10];
sprintf(salt, "_%s%s", int_to_base64(rounds), saltpara);
return salt;
}
char *
make_md5_salt_para(char *saltpara)
{
@ -499,19 +417,16 @@ generate_random_salt(char *salt, int length)
void
full_usage()
{
printf("mkpasswd [-m|-d|-b|-e] [-l saltlength] [-r rounds] [-s salt] [-p plaintext]\n");
printf("mkpasswd [-m|-b|-x|-y] [-l saltlength] [-r rounds] [-s salt] [-p plaintext]\n");
printf("-x Generate a SHA256 password\n");
printf("-y Generate a SHA512 password\n");
printf("-m Generate an MD5 password\n");
printf("-d Generate a DES password\n");
printf("-b Generate a Blowfish password\n");
printf("-e Generate an Extended DES password\n");
printf("-l Specify a length for a random MD5 or Blowfish salt\n");
printf("-r Specify a number of rounds for a Blowfish or Extended DES password\n");
printf(" Blowfish: default 4, no more than 6 recommended\n");
printf(" Extended DES: default 25\n");
printf("-s Specify a salt, 2 alphanumeric characters for DES, up to 16 for MD5,\n");
printf(" up to 22 for Blowfish, and 4 for Extended DES\n");
printf("-r Specify a number of rounds for a Blowfish password\n");
printf(" Default 4, no more than 6 recommended\n");
printf("-s Specify a salt, up to 16 for MD5, SHA256, and SHA512\n");
printf(" up to 22 for Blowfish\n");
printf("-p Specify a plaintext password to use\n");
printf("Example: mkpasswd -m -s 3dr -p test\n");
exit(0);
@ -521,11 +436,11 @@ void
brief_usage()
{
printf("mkpasswd - password hash generator\n");
printf("Standard DES: mkpasswd [-d] [-s salt] [-p plaintext]\n");
printf("Extended DES: mkpasswd -e [-r rounds] [-s salt] [-p plaintext]\n");
printf(" MD5: mkpasswd -m [-l saltlength] [-s salt] [-p plaintext]\n");
printf(" Blowfish: mkpasswd -b [-r rounds] [-l saltlength] [-s salt]\n");
printf(" [-p plaintext]\n");
printf(" SHA512: mkpasswd [-y] [-l saltlength] [-s salt] [-p plaintext]\n");
printf(" SHA256: mkpasswd -x [-l saltlength] [-s salt] [-p plaintext]\n");
printf(" MD5: mkpasswd -m [-l saltlength] [-s salt] [-p plaintext]\n");
printf("Blowfish: mkpasswd -b [-r rounds] [-l saltlength] [-s salt]\n");
printf(" [-p plaintext]\n");
printf("Use -h for full usage\n");
exit(0);
}