Hi,
I have a use case for one of the product that I work on. I need to know if the passwords on the unix machines are weak. The passwords are hashed using blowfish algorithm. I shall be doing dictionary encryption using blowfish API to find the weak passwords. I am using openssl/blowfish for this matter. So, I have already generated hash from Unix machine and i need to hash the words from dictionary to match them. Very first question here is, Can I really do so using blowfish? If yes, what is the salt that should be used to encrypt the guess word? Which blowfish API should be used ? ( Considering the fact that the ivec information is not available, please correct me if I am wrong) What is the format of the output? Is it same as what is stored in /etc/shadow on Unix? I practically tried many ways to get my use case working, however, all did not help me. Therefor, coming back to square one and asking all these basic questions. May be I am missing something in the usage. Need urgent help. Thanks in advance.
