Skip to content

digest: add MD5-Crypt algo#347

Open
Ansuel wants to merge 1 commit intojow-:masterfrom
Ansuel:add-md5-crypt
Open

digest: add MD5-Crypt algo#347
Ansuel wants to merge 1 commit intojow-:masterfrom
Ansuel:add-md5-crypt

Conversation

@Ansuel
Copy link
Contributor

@Ansuel Ansuel commented Nov 20, 2025

Add MD5-Crypt algo to generare an hashed password entry to be used in shadow file.

The function will generate a random salt and return an MD5 hashed entry.

This follow the standard (and strange) way of generating an MD5-Crypt entry.

@Ansuel
digest: add MD5-Crypt algo
ee995ac 
Add MD5-Crypt algo to generare an hashed password entry to be used in
shadow file.

The function will generate a random salt and return an MD5 hashed
entry.

This follow the standard (and strange) way of generating an MD5-Crypt
entry.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
@Ansuel
Copy link
Contributor Author

Ansuel commented Nov 20, 2025

(context for this... ideally with this we should be able to replace the hack we have of manually calling passwd)

@jow-
Copy link
Owner

jow- commented Nov 20, 2025
edited
Loading

I think it would be simpler to wrap the libc crypt() instead:

#include <stdio.h>
#include <crypt.h>

int main() {
  char *password = "supersecret";
  char *setting = "$1$12345678"; // `$1$` selects MD5 algo, `12345678` are salt bytes
  char *secret = crypt(password, setting);
  
  printf("Crypt hash of %s is %s\n", password, secret);

  return 0;
}

I've been thinking about a unix module for a while which would bundle bindings for functions such as crypt(), getspnam(), getuid() etc.

In ucode you could then do:

import { crypt } from 'unix';

print("Hash: ", crypt("supersecret", "$1$12345678"), "\n");

@Ansuel
Copy link
Contributor Author

Ansuel commented Nov 20, 2025
edited
Loading

@jow- yes i jumped and had some fun checking how the md5 crypt worked and then discovered that in theory crypt should be portable enough to be usable everywhere.

The main problem is generating the salt... I feel we should provide a shothand for that (there is no helper for that...)

@jow-
Copy link
Owner

jow- commented Nov 20, 2025

We could allow the salt argument to be a two element array [algo, salt] and allow salt to be either a string (taken verbatim) or a number (generate that many random bytes):

crypt("plaintext", "$1$");  // md5, no salt
crypt("plaintext", "$1$12345678");  // md5, salt "12345678"
crypt("plaintext", [ 1, "12345678" ]);  // md5, salt "12345678"
crypt("plaintext", [ 1, 8 ]);  // md5, salt with 8 random bytes

Instead of a number for the algo we could also accept a symbolic name:

crypt("plaintext", [ "md5", "12345678" ]);  // md5, salt "12345678"
crypt("plaintext", [ "md5", 8 ]);  // md5, salt with 8 random bytes

And support the aliases documented in crypt(5)

@Ansuel
Copy link
Contributor Author

Ansuel commented Nov 20, 2025

@jow- yes that would be ideal. Any hint on that?

With that simple thing then I would do the extra step for adding md5-crypt in digest to generate a simple string.

(the pattern would be similar to how it's done currently for md5 sha1 sha256... as we would have to just define the type)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ansuel @jow-