[ale] Verifying a MD5 password?

Robert L. Harris Robert.L.Harris at rdlg.net
Thu Feb 27 14:52:28 EST 2003



We're trying to write a script that can verify passwords against md5
password entries.  We've got a good mechanism to get the password from
/etc/shadow but something in the actual computation of the md5 hash of
the user input is not right.

Anyone have a good command line or HOWTO I can read through?

A couple combinations we've tried:

salt=spudpeel
password=foo

#
echo -n "foospudpeel" | openssl md5 -binary | openssl base64
u9FAH8zsyXmwYX3pBqLd6Q==

# trying with a base64 encoded salt
echo -n "foodc3B1ZHBlZWw=" | openssl md5 -binary | openssl base64
JmyoP+AVagwGzN0uLF4Mow==


We've only found a couple docs on how the md5 password hash's are
generated, nothing that flat out says "do x, do y, do z, shove it in a
file"...

Robert



:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | PGP Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu 
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Diagnosis: witzelsucht  	

IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
IPv4 = robert at mail.rdlg.net	http://www.rdlg.net

 PGP signature




More information about the Ale mailing list