Diffstat (limited to 'manual/examples')
-rw-r--r-- | manual/examples/genpass.c | 44 | ||||
-rw-r--r-- | manual/examples/mygetpass.c | 4 | ||||
-rw-r--r-- | manual/examples/testpass.c | 52 |
3 files changed, 67 insertions, 33 deletions
diff --git a/manual/examples/genpass.c b/manual/examples/genpass.c
index 5edb2e9..23d2078 100644
--- a/manual/examples/genpass.c
+++ b/manual/examples/genpass.c
@@ -16,34 +16,44 @@
 */
 #include <stdio.h>
-#include <time.h>
 #include <unistd.h>
 #include <crypt.h>
 int
 main(void)
 {
- unsigned long seed[2];
- char salt[] = "$1$........";
- const char *const seedchars =
+ unsigned char ubytes[16];
+ char salt[20];
+ const char *const saltchars =
 "./0123456789ABCDEFGHIJKLMNOPQRST"
 "UVWXYZabcdefghijklmnopqrstuvwxyz";
- char *password;
+ char *hash;
 int i;
- /* Generate a (not very) random seed.
- You should do it better than this... */
- seed[0] = time(NULL);
- seed[1] = getpid() ^ (seed[0] >> 14 & 0x30000);
-
- /* Turn it into printable characters from `seedchars'. */
- for (i = 0; i < 8; i++)
- salt[3+i] = seedchars[(seed[i/5] >> (i%5)*6) & 0x3f];
-
- /* Read in the user's password and encrypt it. */
- password = crypt(getpass("Password:"), salt);
+ /* Retrieve 16 unpredictable bytes from the operating system. */
+ if (getentropy (ubytes, sizeof ubytes))
+ {
+ perror ("getentropy");
+ return 1;
+ }
+
+ /* Use them to fill in the salt string. */
+ salt[0] = '$';
+ salt[1] = '5'; /* SHA-256 */
+ salt[2] = '$';
+ for (i = 0; i < 16; i++)
+ salt[3+i] = saltchars[ubytes[i] & 0x3f];
+ salt[3+i] = '\0';
+
+ /* Read in the user's passphrase and hash it. */
+ hash = crypt (getpass ("Enter new passphrase: "), salt);
+ if (!hash || hash[0] == '*')
+ {
+ perror ("crypt");
+ return 1;
+ }
 /* Print the results. */
- puts(password);
+ puts (hash);
 return 0;
 }
diff --git a/manual/examples/mygetpass.c b/manual/examples/mygetpass.c
index dfc0c59..3f465ac 100644
--- a/manual/examples/mygetpass.c
+++ b/manual/examples/mygetpass.c
@@ -1,4 +1,4 @@
-/* Reading Passwords
+/* Reading passphrases manually.
 Copyright (C) 1991-2018 Free Software Foundation, Inc.
 This program is free software; you can redistribute it and/or
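Review bot: In genpass.c the result of `getpass` is handed straight to `crypt` in `hash = crypt (getpass ("Enter new passphrase: "), salt);`, so a failed prompt (getpass can return NULL on error) reaches crypt as a null key, and the new `!hash` check comes too late to catch it. Splitting the call, `phrase = getpass ("Enter new passphrase: ");` followed by `if (!phrase) { perror ("getpass"); return 1; }`, would match the error handling this hunk adds for getentropy and crypt. The testpass.c hunk has the same unchecked `phrase = getpass (...)`. Because manual examples get copied, it may also be worth wiping the passphrase once it is hashed, `explicit_bzero (phrase, strlen (phrase));`, which would need `<string.h>`.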
@@ -32,7 +32,7 @@ my_getpass (char **lineptr, size_t *n, FILE *stream)
 if (tcsetattr (fileno (stream), TCSAFLUSH, &new) != 0)
 return -1;
- /* Read the password. */
+ /* Read the passphrase */
 nread = getline (lineptr, n, stream);
 /* Restore terminal. */
diff --git a/manual/examples/testpass.c b/manual/examples/testpass.c
index 19f1ae7..f8883fe 100644
--- a/manual/examples/testpass.c
+++ b/manual/examples/testpass.c
@@ -1,4 +1,4 @@
-/* Verify a password.
+/* Verify a passphrase.
 Copyright (C) 1991-2018 Free Software Foundation, Inc.
 This program is free software; you can redistribute it and/or
@@ -20,24 +20,48 @@
 #include <unistd.h>
 #include <crypt.h>
+/* @samp{GNU's Not Unix} hashed using SHA-256, MD5, and DES. */
+static const char hash_sha[] =
+ "$5$DQ2z5NHf1jNJnChB$kV3ZTR0aUaosujPhLzR84Llo3BsspNSe4/tsp7VoEn6";
+static const char hash_md5[] = "$1$A3TxDv41$rtXVTUXl2LkeSV0UU5xxs1";
+static const char hash_des[] = "FgkTuF98w5DaI";
+
 int
 main(void)
 {
- /* Hashed form of "GNU libc manual". */
- const char *const pass = "$1$/iSaq7rB$EoUw5jJPPvAPECNaaWzMK/";
+ char *phrase;
+ int status = 0;
+
+ /* Prompt for a passphrase. */
+ phrase = getpass ("Enter passphrase: ");
+
+ /* Compare against the stored hashes. Any input that begins with
+ @samp{GNU's No} will match the DES hash, but the other two will
+ only match @samp{GNU's Not Unix}. */
- char *result;
- int ok;
+ if (strcmp (crypt (phrase, hash_sha), hash_sha))
+ {
+ puts ("SHA: not ok");
+ status = 1;
+ }
+ else
+ puts ("SHA: ok");
-/*@group*/
- /* Read in the user's password and encrypt it,
- passing the expected password in as the salt. */
- result = crypt(getpass("Password:"), pass);
-/*@end group*/
+ if (strcmp (crypt (phrase, hash_md5), hash_md5))
+ {
+ puts ("MD5: not ok");
+ status = 1;
+ }
+ else
+ puts ("MD5: ok");
- /* Test the result. */
- ok = strcmp (result, pass) == 0;
+ if (strcmp (crypt (phrase, hash_des), hash_des))
+ {
+ puts ("DES: not ok");
+ status = 1;
+ }
+ else
+ puts ("DES: ok");
- puts(ok ? "Access granted." : "Access denied.");
- return ok ? 0 : 1;
+ return status;
 }
|
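Review bot: Each of the three comparisons in testpass.c passes the result of `crypt` directly to `strcmp`, so a NULL return is dereferenced instead of reported; crypt may return NULL when a hashing method is unsupported or disabled on the system, and genpass.c in this same commit already guards with `!hash || hash[0] == '*'`. Holding the result first, `char *h = crypt (phrase, hash_md5);` then `if (!h || strcmp (h, hash_md5))`, makes the example print "not ok" rather than crash, which matters most for the MD5 and DES cases. A short comment above `hash_md5` and `hash_des` saying they are kept only to demonstrate legacy formats would also keep readers from treating them as acceptable choices for new hashes.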