[ale] Verifying a MD5 password?

cfowler cfowler at outpostsentinel.com
Thu Feb 27 15:01:12 EST 2003


use crypt(3).  It is the most commonly used to do this kinda thing.

if(strcmp(encrypted,
 crypt("this is my plain-text password", encryptedpassed)) == 0) {
  printf("Password Match");
} else {
  printf("Invalid password");
}

Perl may have the capability to use crypt.


On Thu, 2003-02-27 at 14:52, Robert L. Harris wrote:
> 
> 
> We're trying to write a script that can verify passwords against md5
> password entries.  We've got a good mechanism to get the password from
> /etc/shadow but something in the actual computation of the md5 hash of
> the user input is not right.
> 
> Anyone have a good command line or HOWTO I can read through?
> 
> A couple combinations we've tried:
> 
> salt=spudpeel
> password=foo
> 
> #
> echo -n "foospudpeel" | openssl md5 -binary | openssl base64
> u9FAH8zsyXmwYX3pBqLd6Q==
> 
> # trying with a base64 encoded salt
> echo -n "foodc3B1ZHBlZWw=" | openssl md5 -binary | openssl base64
> JmyoP+AVagwGzN0uLF4Mow==
> 
> 
> We've only found a couple docs on how the md5 password hash's are
> generated, nothing that flat out says "do x, do y, do z, shove it in a
> file"...
> 
> Robert
> 
> 
> 
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                     | PGP Key ID: E344DA3B
>                                          @ x-hkp://pgp.mit.edu 
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> 
> Diagnosis: witzelsucht  	
> 
> IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
> IPv4 = robert at mail.rdlg.net	http://www.rdlg.net
-- 
"The Law of Leaky Abstractions"
There is a time where abstractions lead to the inablity to 
fix problems that leak through the abstraction.
http://www.joelonsoftware.com/articles/LeakyAbstractions.html

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list