Verifying a hashed salted password that uses yescrypt algorithm

In order to verify a password hash we can use openssl passwd as shown below and explained here

openssl passwd $HASHING-ALGORITHM -salt j9T$F31F/jItUvvjOv6IBFNea/ $CLEAR-TEXT-PASSWORD

However, this will work only for the following algorithm: md5, crypt, apr1, aixmd5, SHA-256, SHA-512

How to calculate the hashing password, from bash or python or nodeJS for a $CLEAR-TEXT-PASSWORD, with salt using yescrypt ?

Asked By: MasterOfTheHouse


perl‘s crypt() or python3‘s crypt.crypt() should just be an interface to your system’s crypt() / crypt_r(), so you should be able to do:

$ export PASS=password SALT='$y$j9T$F31F/jItUvvjOv6IBFNea/$'
$ perl -le 'print crypt($ENV{PASS}, $ENV{SALT})'
$ python3 -c 'import crypt, os; print(crypt.crypt(os.getenv("PASS"), os.getenv("SALT")))'

(provided your system’s crypt() supports the yescript algorithm with the $y$... salts)

Answered By: Stéphane Chazelas