Re: Trouble using encrypted passwords
From: Hans-Albert Schneider
Subject: Re: Trouble using encrypted passwords
Date: Tue, 11 Nov 2003 00:51:23 +0100
User-agent: KMail/1.5.1
On Monday, 10 November 2003 22:56, David S Gathright wrote:
[...]
> To use DES encryption (instead of MD5 or no encryption), simply
> generate passwords using the standard crypt() function. You can do
> this in either C or perl (and I'm sure, in python, if I knew
> anything about that). Here is a command line quickie:
>
> machine% perl -e 'print crypt("password", "salt" ), "\n"'
>
> On my box, this generates the encrypted string: "sa3tHJ3/KuYvI"
> Now, testing the black magic that is the crypt function, you should
> be able to get the same answer from the crypt function for this key
> using this encrypted string as the "salt" value:
>
> machine% perl -e 'print crypt("password", "sa3tHJ3/KuYvI" ), "\n"'

The salt is just the first two characters of the second argument. And
it is stored as the first two characters of the result (which is
always 13 characters in length, BTW). So using the encoded password
as the salt always works.

Actually, these characters are a base-64 representation (but not
base64 in the MIME sense) of a hash of the password. So the salt is
really a 12 bit value.

Concerning your "more paranoid version": I do not know what perl does
if the second argument to the crypt() function is not a string. It
may be that it takes the decimal representation of the number. This
would mean that you will only use 90 possible salts (namely,
[1-9][0-9]).

Hans-Albert
--
Hans-Albert Schneider
Munich, Germany
EMail: address@hidden
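
The salt handling discussed in this message, as an added example that is not part of the original post or of either author's code. It works on the string format only and does not call crypt(); the function names are hypothetical, the numeric-salt range is constructed, and decimal stringification of a numeric salt is an assumption.

```python
import secrets

# Alphabet used by traditional DES crypt(3): 64 symbols, 6 bits each.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_SPACE = len(CRYPT_ALPHABET) ** 2  # 4096 = 2**12


def split_des_crypt(stored):
    """Validate a 13-character DES crypt string; return (salt, 12-bit salt value)."""
    if len(stored) != 13 or any(c not in CRYPT_ALPHABET for c in stored):
        raise ValueError("not a traditional DES crypt string")
    salt = stored[:2]
    # Traditional crypt(3) convention: the first salt character carries the
    # low 6 bits, the second the high 6 bits.
    value = CRYPT_ALPHABET.index(salt[0]) | (CRYPT_ALPHABET.index(salt[1]) << 6)
    return salt, value


def effective_salts(second_arguments):
    """Distinct salts crypt() would see: only the first two characters count."""
    return {str(arg)[:2] for arg in second_arguments}


def random_salt():
    """Pick a salt uniformly from all 4096 values."""
    return "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(2))


if __name__ == "__main__":
    salt, value = split_des_crypt("sa3tHJ3/KuYvI")  # hash quoted in the thread
    print(f"salt={salt!r} value={value} of {SALT_SPACE}")
    # Passing the stored hash back as the second argument selects the same salt.
    print(effective_salts(["salt", "sa3tHJ3/KuYvI"]))
    # Constructed input: integers 10..99999 passed as the salt, assumed to be
    # converted to their decimal string form.
    numeric = effective_salts(range(10, 100000))
    print(f"numeric salts: {len(numeric)} distinct of {SALT_SPACE}")
    print("uniform salt:", random_salt())
```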