[ale] Verifying a MD5 password?
cfowler
cfowler at outpostsentinel.com
Thu Feb 27 15:01:12 EST 2003
use crypt(3). It is the most commonly used to do this kinda thing.
if(strcmp(encrypted,
crypt("this is my plain-text password", encryptedpassed)) == 0) {
printf("Password Match");
} else {
printf("Invalid password");
}
Perl may have the capability to use crypt.
On Thu, 2003-02-27 at 14:52, Robert L. Harris wrote:
>
>
> We're trying to write a script that can verify passwords against md5
> password entries. We've got a good mechanism to get the password from
> /etc/shadow but something in the actual computation of the md5 hash of
> the user input is not right.
>
> Anyone have a good command line or HOWTO I can read through?
>
> A couple combinations we've tried:
>
> salt=spudpeel
> password=foo
>
> #
> echo -n "foospudpeel" | openssl md5 -binary | openssl base64
> u9FAH8zsyXmwYX3pBqLd6Q==
>
> # trying with a base64 encoded salt
> echo -n "foodc3B1ZHBlZWw=" | openssl md5 -binary | openssl base64
> JmyoP+AVagwGzN0uLF4Mow==
>
>
> We've only found a couple docs on how the md5 password hash's are
> generated, nothing that flat out says "do x, do y, do z, shove it in a
> file"...
>
> Robert
>
>
>
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris | PGP Key ID: E344DA3B
> @ x-hkp://pgp.mit.edu
> DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
>
> Diagnosis: witzelsucht
>
> IPv6 = robert at ipv6.rdlg.net http://ipv6.rdlg.net
> IPv4 = robert at mail.rdlg.net http://www.rdlg.net
--
"The Law of Leaky Abstractions"
There is a time where abstractions lead to the inablity to
fix problems that leak through the abstraction.
http://www.joelonsoftware.com/articles/LeakyAbstractions.html
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list