I'm trying to mimic the creation of password strings as they appear in /etc/shadow.
This is what I've got so far, but the encrypted passwords don't match, when I use the same password and the same salt.
5000 rounds is standard for crypt, so I used that as well, but I don't see where exacly I made a mistake:
I'm doing this in Perl, this is the relevant porion:
($pass, $salt) = @ARGV;
unless(defined($salt)) {
$salt = MIME::Base64::encode(random_bytes(12), '');
}
for $i (1 .. 4999) {
$pass = Digest::SHA::sha512($salt, $pass);
}
say "";
print '$6$', $salt, '$', Digest::SHA::sha512_base64($salt, $pass), "\$\n";
The crypt algorithm involves a lot more than just re-hashing 5,000 times: