unix-crypt

unix-crypt creates and checks passwords that you'd normally find in an /etc/shadow file on your UNIX box.

It's written entirely in Ruby and has no external dependencies.

It handles:

• DES passwords (the standard 13 character password with a 2 character salt)
• MD5 passwords (starting with $1$)
• SHA256 passwords (starting with $5$)
• SHA512 passwords (starting with $6$)

This library requires Ruby 2.3 or above. Tested up to Ruby 4.0.1.

gem install unix-crypt

An executable named mkunixcrypt allows you to generate passwords from the command line.

Usage: mkunixcrypt [options]
Encrypts password using the unix-crypt gem

Options:
    -h, --hash [HASH]                Set hash algorithm [SHA512 (default), SHA256, MD5, DES]
    -p, --password [PASSWORD]        Provide password on command line (insecure!)
    -s, --salt [SALT]                Provide hash salt
    -r, --rounds [ROUNDS]            Set number of hashing rounds (SHA256/SHA512 only)
        --help                       Show this message
    -v, --version                    Show version

You can either validate a password of any type matches its hash:

>> require 'unix_crypt'
=> true
>> UnixCrypt.valid?("Hello world!", "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5")
=> true

Or you can generate a new hash, given a password and salt:

>> UnixCrypt::SHA256.build("Hello world!", "saltstring")
=> "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"

If a salt is not specified, one will be generated using random data:

>> UnixCrypt::SHA256.build("Hello world!")
=> "$5$v.fjb6lucDCZKjcf$90gzpr9HYo0eAeaN8rubElJdUUOcVYjTnGePBRvCgt1"

There are four classes you can use, depending on which hashing algorithm you'd like:

• UnixCrypt::DES
• UnixCrypt::MD5
• UnixCrypt::SHA256
• UnixCrypt::SHA512

Licensed under the BSD license. See LICENSE file for details.