Java: Password encryption

Clemente · 02-07-2006, 08:12 AM

Hi all,

I have to write a java class, that encrypts user passwords for linux systems.

Encrypted passwords look like

Quote:

Cleartext: example123
Encrypted: $1$WSkRNdS1$wEjaljTpo9RJeAUmTOmyq.

(I got this passwd from a shadow file)

After trying and googling, I don't know really
a) what algorithm is used to produce the encrypted password (it is not CRYPTed) and
b) how to encrypt with java.

The JCE seems to support two-way encryptions and some digests only. I tried the digests like md5, but nothing produced something identical (or even similar) to the given encrypted passwords.

Can anyone point me the correct direction?
Thanks a lot,
Clemente

scuzzman · 02-07-2006, 08:14 AM

The encryption, if this is for a standard login, is DES. This should prove useful: http://javaalmanac.com/egs/javax.crypto/DesString.html

Clemente · 02-07-2006, 09:00 AM

Hi scuzzman!

Thank you for quick answer. I studied/tried the code behind your link. It works, but creates other ciphers, and it creates another cipher each run.
A key is necessary to use DES. If the system uses DES, what key comes to action? Is it derived from the username?

Maybe I am to dumb, but I don't find the big key (for my problem, not DES :-) )
Clemente

Clemente · 02-07-2006, 09:30 AM

Finally I got it.
The encryption was MD5, and I found a Java md5encryption implementation from IBM. Links are posted below.

The encrypted password gives following information between the "$" chars:
$1$QnRtOx4v$DgS/DY84XDmasEHZKqdfv.
$1$ : Magic key, that indicates, that the string is a md5 cipher
$12345678$ : Salt used to encrypt, 8 characters

http://www-128.ibm.com/developerwork...cale=worldwide

The site is linked by this one:
http://www-128.ibm.com/developerwork...ry/l-md5crypt/

Perhaps someone can use this one, too

Clemente