[ale] Ports and Crypt

Jacob Langseth jlangseth at esisys.com
Thu Aug 21 16:46:46 EDT 1997 

>   I'm thinking of doing some port based stuff on my machine, such as
> telnet to port 4133 and get a rather detailed report of what's going on
> with the machine.  The problem is I'm paranoid by default.  I'd like to
> use /etc/passwd to restrict who can/can't access it.  I've got down
> alot of the details.  My problem is I want to use a perl script and a
> subroutine that requests a passwd then compares it agains an entry
> in /etc/passwd.  Does anyone have a quick tutorial on how to encrypt
> the string the user gives so I can do a comparison or some other
> good ideas?

It's been a while since I've coded perl, but it probably has a getpwent() 
function which will retrieve the encrypted value from /etc/passwd.  Once this 
has been read (say into $CorrectPassword), the crypt(3) check will look 
something like:

    if (crypt( $ReadPassword, substr( $CorrectPassword, 0, 2 ) ) != 
$CorrectPassword) {
	# bad password
    }

A good reference might be the O'Rielly book on Perl, which contains a sample 
implementation of 'passwd'.  You might also find something on the perl 
repository web site (though I don't have the url handy).

I wrote something a while back that returns a crypt(3) value of anything passed 
to it on the command line.  It should work as an example.

Good luck!

#!/usr/local/bin/perl
# pcrypt.pl  --  <langseth at cc.gatech.edu>  --  10/29/95
#
# USAGE:  pcrypt.pl [PHRASE]
#
# Return the crypt(3) value of PHRASE, where PHRASE defaults to
# 'Why are you wasting your time?'

if ( $ARGV[0] ) {
    while ( $ARGV[0] ) {
	$phrase .= "$ARGV[0] ";
	shift;
    }
} else {
    $phrase = "Why are you wasting your time?";
}

print( "Encrypting: \n    $phrase\n" );
@saltset = ('a'..'z','A'..'Z','0'..'9','.','/');

foreach $_ ( split(' ',$phrase) ) {

    # generate a hopefully unique salt
    $now = time;
    ($pert1, $pert2) = unpack("C2", $_);
    $week = $now / (60*60*24*7) + $pert1 + $pert2 - length($_);
    $salt = $saltset[$week % 64] . $saltset[($now + ord(substr($_,0,1))) % 64];

    # return crypt(3) equivalent
    $passwd = crypt( $_, $salt );
    print( "\t$passwd\n" );
}
exit 0;
#EOF#

--
Jacob Langseth			Enhanced Systems, Inc.
CTI Engineer			Email for PGP key
<jlangseth at esisys.com>		#include <std_disclaimer.h>

More information about the Ale mailing list