[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

Brian Howson via RT rt at openssl.org
Tue Sep 13 17:23:48 UTC 2016


This may be two requests, one a bug and one a feature request.

Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5 passwords
(-1 / -apr1), returns "<NULL>".  I haven't tested other platforms.  See
output below.

Issue 2: openssl 1.1.0 passwd doesn't support newer password hashing
algorithms used by unix / linux platforms.  This limitation may force
people to use weaker password storage than possible, for example if
generating crypts using openssl passwd to feed into usermod -p.  Please add
support for password types 5 (SHA-256) and 6 (SHA-512).

http://man7.org/linux/man-pages/man3/crypt.3.html

ID  | Method
─────────────────────────────────────────────────────────
1   | MD5
2a  | Blowfish (not in mainline glibc; added in some
    | Linux distributions)
5   | SHA-256 (since glibc 2.7)
6   | SHA-512 (since glibc 2.7)


Issue 1: collateral:

Working in OpenSSL 1.0.2h:
D:\>openssl version
OpenSSL 1.0.2h  3 May 2016

D:\>openssl passwd -apr1 password
$apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.

D:\>openssl passwd -1 password
$1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0

Compiled OpenSSL 1.1.0:

D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
OpenSSL 1.1.0  25 Aug 2016

D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
OpenSSL 1.1.0  25 Aug 2016

D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
UZ8kfkzdGoYTQ

D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
<NULL>

D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
<NULL>

(To show that MD5 wasn't compiled out):

D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
Usage: passwd [options]
Valid options are:
 -help       Display this summary
 -in infile  Pead passwords from file
 -noverify   Never verify when reading password from terminal
 -quiet      No warnings
 -table      Format output as table
 -reverse    Switch table columns
 -salt val   Use provided salt
 -stdin      Read passwords from stdin
 -apr1       MD5-based password algorithm, Apache variant
 -1          MD5-based password algorithm
 -crypt      Standard Unix password algorithm (default)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted
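
Added example, not part of the original message or of OpenSSL: a small auditor that reads the scheme ID from crypt(3)-style strings, using the ID table quoted in the post, and lists accounts still on DES or MD5-based hashes. The function names, the weak/ok grading and the shadow-style sample lines are assumptions of this example.

```python
import re

# Scheme IDs from the crypt(3) table quoted in the post, plus "apr1" as emitted
# by `openssl passwd -apr1`. The weak/ok grading is this example's assumption.
SCHEMES = {
    "1": ("MD5", True),
    "apr1": ("MD5 (Apache variant)", True),
    "2a": ("Blowfish", False),
    "5": ("SHA-256", False),
    "6": ("SHA-512", False),
}
DES = re.compile(r"[./A-Za-z0-9]{13}")  # traditional crypt: 2 salt + 11 hash chars


def classify(field):
    """Return (method, weak, rounds) for one crypt(3)-style hash string."""
    if DES.fullmatch(field):
        return ("DES crypt", True, None)
    parts = field.split("$")  # "$id$salt$hash" -> ["", id, salt, hash]
    if len(parts) < 4 or parts[0] or parts[1] not in SCHEMES:
        return ("unknown or locked", None, None)
    method, weak = SCHEMES[parts[1]]
    rounds = None
    # sha-crypt (ids 5 and 6) may carry an optional "rounds=N" field before the salt
    if parts[1] in ("5", "6") and parts[2].startswith("rounds="):
        rounds = int(parts[2][len("rounds="):])
    return (method, weak, rounds)


def weak_accounts(shadow_text):
    """List (user, method) for shadow-style lines whose hash uses a weak scheme."""
    found = []
    for line in shadow_text.splitlines():
        user, _, rest = line.partition(":")
        method, weak, _ = classify(rest.split(":")[0])
        if weak:
            found.append((user, method))
    return found

# Constructed shadow-style input. The first three hashes are the outputs shown in
# the post; the $5$/$6$ values are shape-only placeholders, not real digests.
SAMPLE = "\n".join([
    "alice:UZ8kfkzdGoYTQ:17057:0:99999:7:::",
    "bob:$1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0:17057:0:99999:7:::",
    "web:$apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.:17057:0:99999:7:::",
    "carol:$5$rounds=10000$constructedsalt$" + "A" * 43 + ":17057:0:99999:7:::",
    "dave:$6$constructedsalt$" + "B" * 86 + ":17057:0:99999:7:::",
    "svc:!:17057:0:99999:7:::",
])
```

A string such as the "<NULL>" printed by the failing 1.1.0 build classifies as "unknown or locked", so a provisioning script can reject it before passing it to usermod -p.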


