<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><br></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Jim Kinney" <jim.kinney@gmail.com><br><b>To: </b>neal@mnopltd.com, "Atlanta Linux Enthusiasts" <ale@ale.org><br><b>Sent: </b>Friday, February 3, 2017 12:40:58 PM<br><b>Subject: </b>Re: [ale] How to get working htpasswd command onto old GoDaddy Server<br></blockquote></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><div>Be aware that perl crypt only uses the first 8 characters of the user supplied password.</div></blockquote><div><br></div><div>Change your salt. </div><div><br data-mce-bogus="1"></div><div>$1$AAA$tGNmkSe.g4A/.As2M5cef/<br>$1$AAA$pT.IvPfTVr.LKCnMu.5eY/<br>Match on 9 chars<br></div><div><br data-mce-bogus="1"></div><div>#!/usr/bin/perl<br>#<br><br>my $password = 'password';<br>my $password1 = 'password1';<br>my $salt = '$1$AAA$';<br><br>my $crypt1 = crypt($password, $salt);<br>print "${crypt1}\n";<br><br>my $crypt2 = crypt($password1, $salt);<br>print "${crypt2}\n";<br></div><div><br data-mce-bogus="1"></div><div># This is one way. crypt() will take the 'password' supplied by</div><div># the user and encrypt using the salt on what we've stored. If</div><div># they match then it means the user knows the password. We are</div><div># not decrypting what we've stored. It is one-way. They match and we</div><div># assume they were right. Good and correct assumption.</div><div><br data-mce-bogus="1"></div><div>if(crypt('password', $crypt2) eq $crypt2) {<br> print "Match on 8 chars\n";<br>}<br><br>if(crypt('password1', $crypt2) eq $crypt2) {<br> print "Match on 9 chars\n";<br>}<br></div><div><br data-mce-bogus="1"></div><div>If you are using the other salt, DES? you will match on 'password' and 'password1' because password is 8 characters long. It is a great test to see what salt someone is using. </div><div><br data-mce-bogus="1"></div><div>Only change AAA in the salt. Random characters instead.</div><div><br data-mce-bogus="1"></div></div></div></body></html>