{"id":2318,"date":"2019-03-15T23:23:09","date_gmt":"2019-03-15T14:23:09","guid":{"rendered":"http:\/\/matoken.org\/blog\/?p=2318"},"modified":"2019-03-16T02:58:38","modified_gmt":"2019-03-15T17:58:38","slug":"generate-a-sha512-password-with-openssl","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2019\/03\/15\/generate-a-sha512-password-with-openssl\/","title":{"rendered":"OpenSSL\u3067SHA512\u306ePASSWORD\u3092\u751f\u6210\u3059\u308b"},"content":{"rendered":"<div class=\"paragraph\">\n<p>Linux \u306e \/etc\/shadow \u306esha512\u5f62\u5f0f\u306e\u6697\u53f7\u5316\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u751f\u6210\u3059\u308b\u306e\u306b OpenSSL \u3092\u5229\u7528\u3057\u305f\u30e1\u30e2\u3067\u3059\uff0e<\/p>\n<p>\u6700\u8fd1\u306f SHA512 \u304c\u898f\u5b9a\u5024\u306b\u306a\u3063\u3066\u3044\u308b<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ grep ^ENCRYPT_METHOD \/etc\/login.defs\r\nENCRYPT_METHOD SHA512<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>openssl passwd \u306f 1.1.1 \u304b\u3089 sha512 \u304c\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>*) 'openssl passwd' can now produce SHA256 and SHA512 based output,<\/pre>\n<\/div>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"https:\/\/www.openssl.org\/news\/changelog.html#x3\">Changes between 1.1.0i and 1.1.1 [11 Sep 2018]<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<div class=\"paragraph\">\n<p>-6 \u30aa\u30d7\u30b7\u30e7\u30f3\u304c SHA512<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ openssl version\r\nOpenSSL 1.1.1a  20 Nov 2018 (Library: OpenSSL 1.1.1b  26 Feb 2019)\r\n$ openssl passwd --help\r\nUsage: passwd [options]\r\nValid options are:\r\n -help               Display this summary\r\n -in infile          Read passwords from file\r\n -noverify           Never verify when reading password from terminal\r\n -quiet              No warnings\r\n -table              Format output as table\r\n -reverse            Switch table columns\r\n -salt val           Use provided salt\r\n -stdin              Read passwords from stdin\r\n -6                  SHA512-based password algorithm\r\n -5                  SHA256-based password algorithm\r\n -apr1               MD5-based password algorithm, Apache variant\r\n -1                  MD5-based password algorithm\r\n -aixmd5             AIX MD5-based password algorithm\r\n -crypt              Standard Unix password algorithm (default)\r\n -rand val           Load the file(s) into the random number generator\r\n -writerand outfile  Write random data to the specified file<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>\u3053\u3093\u306a\u611f\u3058\u3067\u4f5c\u308c\u308b<br \/>\n$ \u304c\u533a\u5207\u308a\u6587\u5b57\u306b\u306a\u3063\u3066\u3044\u3066\uff0c 6 \u90e8\u5206\u304c\u6697\u53f7\u5f62\u5f0f\u306eid\uff0cSALT \u90e8\u5206\u304csalt\uff0c\u305d\u306e\u5f8c\u308d\u304c\u6697\u53f7\u5316\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u306a\u3063\u3066\u3044\u308b<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ openssl passwd -salt SALT -6 PASSWORD\r\n$6$SALT$io0TPmhM8ythCm7Idt0AfYvTuFCLyA1CMVmeT3EUqarf2NQcTuLKEgP9.4Q8fgClzP7OCnyOY1wo1xDw0jtyH1<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>\u3053\u306e\u6587\u5b57\u5217\u3092\uff0c \/etc\/shadow \u306e\u7b2c2\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u57cb\u3081\u8fbc\u3080\u3068login \u306b\u5229\u7528\u3067\u304d\u308b<\/p>\n<\/div>\n<div class=\"paragraph\">\n<p>SALT \u3082\u30e9\u30f3\u30c0\u30e0\u306b\u3057\u305f\u3044\u5834\u5408\u306f\uff0c<br \/>\n\/dev\/random \u3084<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ tr -cd '[:alnum:]' &lt; \/dev\/random | head -c 8\r\nouOpUJoq<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>openssl rand \u304c\u4f7f\u3048\u308b<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ openssl rand --help\r\nUsage: rand [flags] num\r\nValid options are:\r\n -help               Display this summary\r\n -out outfile        Output file\r\n -rand val           Load the file(s) into the random number generator\r\n -writerand outfile  Write random data to the specified file\r\n -base64             Base64 encode output\r\n -hex                Hex encode output\r\n -engine val         Use engine, possibly a hardware device\r\n$ openssl rand -base64 6\r\nGy\/YhLzM<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>salt 8 \u6587\u5b57\u3067 sha512 \u306a\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4f5c\u6210<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ openssl passwd -6 -salt $(openssl rand -base64 6) PASSWORD\r\n$6$O2bwYkq\/$QIIeAsVueV3vfGZqK\/obGMevpB3DwRb\/wq2uqn3ykdst1hEV3.72cGPu3gX0p3mD5KPWNrK0M6OPdElDPGD000<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>\u5b9f\u969b\u306b \/etc\/shadow \u306b\u8a2d\u5b9a\u3057\u3066\u8a8d\u8a3c\u3092\u8a66\u3057\u3066\u307f\u308b<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ sudo useradd testuser\r\n$ sudo sed -i 's,^testuser:[^:]*,testuser:$6$O2bwYkq\/$QIIeAsVueV3vfGZqK\/obGMevpB3DwRb\/wq2uqn3ykdst1hEV3.72cGPu3gX0p3mD5KPWNrK0M6OPdElDPGD000,' \/etc\/shadow\r\n$ sudo grep ^testuser: \/etc\/shadow\r\ntestuser:$6$O2bwYkq\/$QIIeAsVueV3vfGZqK\/obGMevpB3DwRb\/wq2uqn3ykdst1hEV3.72cGPu3gX0p3mD5KPWNrK0M6OPdElDPGD000:17970:0:99999:7:::\r\n$ su testuser\r\nPassword:\r\n$ whoami\r\ntestuser\r\n$<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>openssl \u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u53e4\u304f\u3066SHA512\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u306a\u3044\u5834\u5408\u306f\u9069\u5f53\u306ascript\u3067\u751f\u6210\u3067\u304d\u308b<br \/>\nsalt \u3092\u540c\u3058\u3082\u306e\u306b\u3057\u3066\u8a66\u3059\u3068\u540c\u3058\u6587\u5b57\u5217\u304c\u5f97\u3089\u308c\u308b\u306e\u304c\u78ba\u8a8d\u3067\u304d\u308b<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ perl -e 'print crypt(\"PASSWORD\", ( \"\\$6\\$\" . \"O2bwYkq\/\" ));'\r\n$6$O2bwYkq\/$QIIeAsVueV3vfGZqK\/obGMevpB3DwRb\/wq2uqn3ykdst1hEV3.72cGPu3gX0p3mD5KPWNrK0M6OPdElDPGD000\r\n$ python -c \"import crypt, getpass, pwd; print crypt.crypt('PASSWORD','\\$6\\$O2bwYkq\/\\$')\"\r\n$6$O2bwYkq\/$QIIeAsVueV3vfGZqK\/obGMevpB3DwRb\/wq2uqn3ykdst1hEV3.72cGPu3gX0p3mD5KPWNrK0M6OPdElDPGD000<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>\u74b0\u5883<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ dpkg-query -W openssl login\r\nlogin   1:4.5-1.1\r\nopenssl 1.1.1a-1\r\n$ lsb_release -dr\r\nDescription:    Debian GNU\/Linux buster\/sid\r\nRelease:        testing\r\n$ uname -m\r\naarch64<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>\u53c2\u8003URL<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"https:\/\/www.akkadia.org\/drepper\/SHA-crypt.txt\">Unix crypt using SHA-256 and SHA-512<br \/>\n<\/a><\/p>\n<\/li>\n<li>\n<p><a href=\"http:\/\/d.hatena.ne.jp\/matoken\/20090129\/1233239258\">Solaris10 \u306e\/etc\/shadow \u306e\u6697\u53f7\u5f62\u5f0f\u3092\u5909\u66f4\u3057\u3066\u9577\u3044\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u5bfe\u5fdc\u3055\u305b\u308b\uff0e &#8211; matoken\u2019s meme -hatena-<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<p><iframe style=\"width:120px;height:240px;\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"\/\/rcm-fe.amazon-adsystem.com\/e\/cm?lt1=_blank&#038;bc1=000000&#038;IS2=1&#038;bg1=FFFFFF&#038;fc1=000000&#038;lc1=0000FF&#038;t=matokensmeme-22&#038;language=ja_JP&#038;o=9&#038;p=8&#038;l=as4&#038;m=amazon&#038;f=ifr&#038;ref=as_ss_li_til&#038;asins=B0028N4W3I&#038;linkId=1a061ad872786d87abf2d8f112b00deb\"><\/iframe><iframe style=\"width:120px;height:240px;\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"\/\/rcm-fe.amazon-adsystem.com\/e\/cm?lt1=_blank&#038;bc1=000000&#038;IS2=1&#038;bg1=FFFFFF&#038;fc1=000000&#038;lc1=0000FF&#038;t=matokensmeme-22&#038;language=ja_JP&#038;o=9&#038;p=8&#038;l=as4&#038;m=amazon&#038;f=ifr&#038;ref=as_ss_li_til&#038;asins=4908686009&#038;linkId=57345608700ddf9724e837f4a4e47746\"><\/iframe><iframe style=\"width:120px;height:240px;\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"\/\/rcm-fe.amazon-adsystem.com\/e\/cm?lt1=_blank&#038;bc1=000000&#038;IS2=1&#038;bg1=FFFFFF&#038;fc1=000000&#038;lc1=0000FF&#038;t=matokensmeme-22&#038;language=ja_JP&#038;o=9&#038;p=8&#038;l=as4&#038;m=amazon&#038;f=ifr&#038;ref=as_ss_li_til&#038;asins=B073J82NQX&#038;linkId=1f94f8861b5660c2e06bf0828f87d6e2\"><\/iframe><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux \u306e \/etc\/shadow \u306esha512\u5f62\u5f0f\u306e\u6697\u53f7\u5316\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u751f\u6210\u3059\u308b\u306e\u306b OpenSSL \u3092\u5229\u7528\u3057\u305f\u30e1\u30e2\u3067\u3059\uff0e \u6700\u8fd1\u306f SHA512 \u304c\u898f\u5b9a\u5024\u306b\u306a\u3063\u3066\u3044\u308b $ grep ^ENCRYPT_METHOD  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled_pings":false,"webmentions_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[428,7,6],"tags":[455,454,456],"class_list":["post-2318","post","type-post","status-publish","format-standard","hentry","category-buster","category-debian-linux","category-linux","tag-etcshadow","tag-openssl","tag-sha512"],"_links":{"self":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/2318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/comments?post=2318"}],"version-history":[{"count":0,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/2318\/revisions"}],"wp:attachment":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/media?parent=2318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/categories?post=2318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/tags?post=2318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}