unix-crypt creates and checks passwords that you’d normally find in an /etc/shadow file on your UNIX box.

It’s written entirely in Ruby and has no external dependencies.

It handles:

• DES passwords (the standard 13 character password with a 2 character salt)

• MD5 passwords (starting with $1$)

• SHA256 passwords (starting with $5$)

• SHA512 passwords (starting with $6$)

This library is compatible with Ruby 1.8.7 and above. Tested on Ruby 2.0.0p353.

gem install unix-crypt

An executable named mkunixcrypt allows you to generate passwords from the command line.

Usage: mkunixcrypt [options]
Encrypts password using the unix-crypt gem

Options:
    -h, --hash [HASH]                Set hash algorithm [SHA512 (default), SHA256, MD5, DES]
    -p, --password [PASSWORD]        Provide password on command line (insecure!)
    -s, --salt [SALT]                Provide hash salt
    -r, --rounds [ROUNDS]            Set number of hashing rounds (SHA256/SHA512 only)
        --help                       Show this message
    -v, --version                    Show version

You can either validate a password of any type matches its hash:

>> require 'unix_crypt'
=> true
>> UnixCrypt.valid?("Hello world!", "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5")
=> true

Or you can generate a new hash, given a password and salt:

>> UnixCrypt::SHA256.build("Hello world!", "saltstring")
=> "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"

If a salt is not specified, one will be generated using random data:

>> UnixCrypt::SHA256.build("Hello world!")
=> "$5$v.fjb6lucDCZKjcf$90gzpr9HYo0eAeaN8rubElJdUUOcVYjTnGePBRvCgt1"

There are four classes you can use, depending on which hashing algorithm you’d like:

UnixCrypt::DES
UnixCrypt::MD5
UnixCrypt::SHA256
UnixCrypt::SHA512

Licensed under the BSD license. See LICENSE file for details.

• Roger Nesbitt (roger@seriousorange.com)

• Patrick Wyatt (pat@codeofhonor.com)