[ale] Verifying a MD5 password?

Robert L. Harris Robert.L.Harris at rdlg.net
Thu Feb 27 14:59:48 EST 2003



crypt does md5 now?

Thus spake cfowler (cfowler at outpostsentinel.com):

> use crypt(3).  It is the most commonly used to do this kinda thing.
> 
> if(strcmp(encrypted,
>  crypt("this is my plain-text password", encryptedpassed)) == 0) {
>   printf("Password Match");
> } else {
>   printf("Invalid password");
> }
> 
> Perl may have the capability to use crypt.
> 
> 
> On Thu, 2003-02-27 at 14:52, Robert L. Harris wrote:
> > 
> > 
> > We're trying to write a script that can verify passwords against md5
> > password entries.  We've got a good mechanism to get the password from
> > /etc/shadow but something in the actual computation of the md5 hash of
> > the user input is not right.
> > 
> > Anyone have a good command line or HOWTO I can read through?
> > 
> > A couple combinations we've tried:
> > 
> > salt=spudpeel
> > password=foo
> > 
> > #
> > echo -n "foospudpeel" | openssl md5 -binary | openssl base64
> > u9FAH8zsyXmwYX3pBqLd6Q==
> > 
> > # trying with a base64 encoded salt
> > echo -n "foodc3B1ZHBlZWw=" | openssl md5 -binary | openssl base64
> > JmyoP+AVagwGzN0uLF4Mow==
> > 
> > 
> > We've only found a couple docs on how the md5 password hash's are
> > generated, nothing that flat out says "do x, do y, do z, shove it in a
> > file"...
> > 
> > Robert
> > 
> > 
> > 
> > :wq!
> > ---------------------------------------------------------------------------
> > Robert L. Harris                     | PGP Key ID: E344DA3B
> >                                          @ x-hkp://pgp.mit.edu 
> > DISCLAIMER:
> >       These are MY OPINIONS ALONE.  I speak for no-one else.
> > 
> > Diagnosis: witzelsucht  	
> > 
> > IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
> > IPv4 = robert at mail.rdlg.net	http://www.rdlg.net
> -- 
> "The Law of Leaky Abstractions"
> There is a time where abstractions lead to the inablity to 
> fix problems that leak through the abstraction.
> http://www.joelonsoftware.com/articles/LeakyAbstractions.html
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | PGP Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu 
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Diagnosis: witzelsucht  	

IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
IPv4 = robert at mail.rdlg.net	http://www.rdlg.net

 PGP signature




More information about the Ale mailing list