[ale] How to get working htpasswd command onto old GoDaddy Server
Chris Fowler
cfowler at outpostsentinel.com
Fri Feb 3 13:45:47 EST 2017
> From: "Jim Kinney" <jim.kinney at gmail.com>
> To: neal at mnopltd.com, "Atlanta Linux Enthusiasts" <ale at ale.org>
> Sent: Friday, February 3, 2017 12:40:58 PM
> Subject: Re: [ale] How to get working htpasswd command onto old GoDaddy Server
> Be aware that perl crypt only uses the first 8 characters of the user supplied
> password.
Change your salt.
$1$AAA$tGNmkSe.g4A/.As2M5cef/
$1$AAA$pT.IvPfTVr.LKCnMu.5eY/
Match on 9 chars
#!/usr/bin/perl
#
my $password = 'password';
my $password1 = 'password1';
my $salt = '$1$AAA$';
my $crypt1 = crypt($password, $salt);
print "${crypt1}\n";
my $crypt2 = crypt($password1, $salt);
print "${crypt2}\n";
# This is one way. crypt() will take the 'password' supplied by
# the user and encrypt using the salt on what we've stored. If
# they match then it means the user knows the password. We are
# not decrypting what we've stored. It is one-way. They match and we
# assume they were right. Good and correct assumption.
if(crypt('password', $crypt2) eq $crypt2) {
    print "Match on 8 chars\n";
}
if(crypt('password1', $crypt2) eq $crypt2) {
    print "Match on 9 chars\n";
}
If you are using the other salt, DES? you will match on 'password' and 'password1' because password is 8 characters long. It is a great test to see what salt someone is using.
Only change AAA in the salt. Random characters instead.
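
The following is an added example, not part of the original post: it builds an htpasswd-style entry with a random $1$ salt and runs the 'password' vs 'password1' test above against both a two-character DES-style salt and the random one. It assumes the system crypt() supports $1$ and that /dev/urandom exists; the helper names, the user name 'alice' and the salt 'ab' are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters allowed in a crypt() salt.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Build '$1$' + 8 random salt characters + '$' from /dev/urandom.
sub random_md5_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    my $n = read($fh, my $bytes, 8);
    close($fh);
    die "short read from /dev/urandom\n" unless defined $n && $n == 8;
    # 256 is a multiple of 64, so the modulo introduces no bias.
    return '$1$' . join('', map { $SALT_CHARS[ord($_) % 64] } split(//, $bytes)) . '$';
}

# Classify a stored hash by its shape.
sub scheme_of {
    my ($hash) = @_;
    return 'unsupported' unless defined $hash;
    return 'md5-crypt' if $hash =~ /^\$1\$/;
    return 'des-crypt' if $hash =~ m{^[./0-9A-Za-z]{13}$};
    return 'other';
}

# The test from the post: does a hash of 'password' also accept 'password1'?
sub truncates_at_8 {
    my ($salt) = @_;
    my $stored = crypt('password', $salt);
    return undef unless defined $stored && $stored !~ /^\*/;   # scheme unavailable
    my $again = crypt('password1', $stored);
    return (defined $again && $again eq $stored) ? 1 : 0;
}

my $salt = random_md5_salt();
my $hash = crypt('password1', $salt);    # constructed sample password
die "system crypt() lacks \$1\$ support\n" unless scheme_of($hash) eq 'md5-crypt';

print "alice:$hash\n";                   # 'alice' is a constructed user name
for my $s ('ab', $salt) {                # 'ab' is a constructed DES-style salt
    my $t = truncates_at_8($s);
    printf "%-12s %-10s truncates at 8: %s\n", $s,
        scheme_of(crypt('password', $s)),
        !defined $t ? 'n/a' : $t ? 'yes' : 'no';
}
```

On a system where crypt() has no DES support, the 'ab' row reports n/a instead of yes.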