[ale] Verifying a MD5 password?
cfowler
cfowler at outpostsentinel.com
Thu Feb 27 15:30:43 EST 2003
On Thu, 2003-02-27 at 14:59, Robert L. Harris wrote:
>
>
> crypt does md5 now?
GNU EXTENSION
The glibc2 version of this function has the following additional
features. If salt is a character string starting with the three
characters "$1$" followed by at most eight characters, and
optionally terminated by "$", then instead of using the DES
machine, the glibc crypt function uses an MD5-based algorithm,
and outputs up to 34 bytes, namely "$1$<string>$", where
"<string>" stands for the up to 8 characters following "$1$" in
the salt, followed by 22 bytes chosen from the set
[a-zA-Z0-9./]. The entire key is significant here (instead of
only the first 8 bytes).
Programs using this function must be linked with -lcrypt.
>
> Thus spake cfowler (cfowler at outpostsentinel.com):
>
> > use crypt(3). It is the most commonly used to do this kinda thing.
> >
> > if(strcmp(encrypted,
> > crypt("this is my plain-text password", encryptedpassed)) == 0) {
> > printf("Password Match");
> > } else {
> > printf("Invalid password");
> > }
> >
> > Perl may have the capability to use crypt.
> >
> >
> > On Thu, 2003-02-27 at 14:52, Robert L. Harris wrote:
> > >
> > >
> > > We're trying to write a script that can verify passwords against md5
> > > password entries. We've got a good mechanism to get the password from
> > > /etc/shadow but something in the actual computation of the md5 hash of
> > > the user input is not right.
> > >
> > > Anyone have a good command line or HOWTO I can read through?
> > >
> > > A couple combinations we've tried:
> > >
> > > salt=spudpeel
> > > password=foo
> > >
> > > #
> > > echo -n "foospudpeel" | openssl md5 -binary | openssl base64
> > > u9FAH8zsyXmwYX3pBqLd6Q==
> > >
> > > # trying with a base64 encoded salt
> > > echo -n "foodc3B1ZHBlZWw=" | openssl md5 -binary | openssl base64
> > > JmyoP+AVagwGzN0uLF4Mow==
> > >
> > >
> > > We've only found a couple docs on how the md5 password hash's are
> > > generated, nothing that flat out says "do x, do y, do z, shove it in a
> > > file"...
> > >
> > > Robert
> > >
> > >
> > >
> > > :wq!
> > > ---------------------------------------------------------------------------
> > > Robert L. Harris | PGP Key ID: E344DA3B
> > > @ x-hkp://pgp.mit.edu
> > > DISCLAIMER:
> > > These are MY OPINIONS ALONE. I speak for no-one else.
> > >
> > > Diagnosis: witzelsucht
> > >
> > > IPv6 = robert at ipv6.rdlg.net http://ipv6.rdlg.net
> > > IPv4 = robert at mail.rdlg.net http://www.rdlg.net
> > --
> > "The Law of Leaky Abstractions"
> > There is a time where abstractions lead to the inablity to
> > fix problems that leak through the abstraction.
> > http://www.joelonsoftware.com/articles/LeakyAbstractions.html
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
>
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris | PGP Key ID: E344DA3B
> @ x-hkp://pgp.mit.edu
> DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
>
> Diagnosis: witzelsucht
>
> IPv6 = robert at ipv6.rdlg.net http://ipv6.rdlg.net
> IPv4 = robert at mail.rdlg.net http://www.rdlg.net
--
"The Law of Leaky Abstractions"
There is a time where abstractions lead to the inablity to
fix problems that leak through the abstraction.
http://www.joelonsoftware.com/articles/LeakyAbstractions.html
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list