
Re: crypt() on OpenBSD



Thanks for the info on blowfish, but I am still confused as to how I extract the salt to plug into the encrypt() routine.

>>I would assume that the salt here is still first X digits (so you're
>>probably supposed to pass version algorithm, and number of rounds along the
>>salt. Correct me if I am wrong.
>
>This is correct, the crypt(3) manpage actually says that, in maybe a way that
>could be improved upon

So, what do I actually put into $salt ?

e.g. with the password hash:

$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC

I have tried the first 16 bytes of the password hash ($2a$12$eIAq8PR8s), the first 16 bytes minus the $ signs (2a12eIAq8PR8s), and the first 16 non $ characters (2a12eIAq8PR8sIUn). None of which work... I am missing something here?

I am using the encrypt() routine from /usr/sbin/adduser in the script (below), which has the args $pass and $salt. I wish to crypt a password the user has typed in, and compare it with their entry in the passwd file (in this case /etc/poppasswd).

---
#!/usr/bin/perl

$passwdfilename="/etc/poppasswd";
$encryptionmethod="blowfish";
$username = "jbloggs";

#
# usage encrypt($pass,$salt); 
# global variable $encryptionmethod should be set to either  
# blowfish/md5 or des 
# returns encrypted string. 
#
sub encrypt { 
    local($pass, $salt) = ($_[0], $_[1]); 
    local($args, $crypt);    # parentheses needed so both variables are localized
    local $goodpass; 
            
    if ($encryptionmethod eq "des") { 
        $args = "-s $salt"; 
    } elsif ($encryptionmethod eq "md5") { 
        $args = "-m"; 
    } elsif ($encryptionmethod eq "blowfish") { 
        $args = "-b $salt"; 
    } 
            
    $pass =~ s/(.)/\\$1/g; 
            
    $crypt = `/usr/bin/encrypt $args -- $pass`; 
    chop $crypt; 
    return($crypt); 
} 


#
# Main
#
open(POPPASSWDFILE, $passwdfilename) or die "Can't open $passwdfilename for reading";
while ($entry = <POPPASSWDFILE>) {
    # match the username field only, not any line that merely contains the name
    if ($entry =~ /^\Q$username\E:/) {
        last;
    }
}

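chomp $entry;                      # drop the trailing newline before splitting
@components = split /:/, $entry;
$pwd = $components[1];             # scalar element, not the slice @components[1]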

$salt = substr($pwd, 0, 16);       # What goes here ????

system "stty -echo";
print "Password: ";
chop($word = <STDIN>);
print "\n";
system "stty echo";

if (&encrypt($word, $salt) ne $pwd) {
    die "Sorry...\n";
} else {
    print "ok\n";
}

--

Thanks again

Keith
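
The question above turns on how a bcrypt string is laid out. As an added example (not part of the original post and not code from adduser), this sketch splits the hash quoted in the post into version, cost, salt and checksum, then verifies a typed password by handing the stored hash to Perl's built-in crypt(). It assumes the system's crypt(3) understands `$2a$` strings, as OpenBSD's does; the function names, demo password and demo salt are made up.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Layout: $<version>$<cost>$<22-char salt><31-char checksum>, 60 characters in all.
sub parse_bcrypt {
    my ($hash) = @_;
    return unless defined $hash
        && $hash =~ m!\A\$(2[abxy]?)\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z!;
    return { version => $1, cost => $2 + 0, salt => $3, checksum => $4,
             setting => '$' . $1 . '$' . $2 . '$' . $3 };
}

# Compare without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# crypt() takes version, cost and salt from the front of the stored hash,
# so the stored hash itself serves as the second argument.
sub check_password {
    my ($typed, $stored) = @_;
    return 0 unless parse_bcrypt($stored);
    return same_string(crypt($typed, $stored), $stored);
}

# Hash quoted in the post: show where the salt sits.
my $posted = '$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC';
my $f = parse_bcrypt($posted) or die "not a bcrypt hash\n";
printf "%-8s %s\n", $_, $f->{$_} for (qw(version cost salt checksum setting));

# Constructed round trip (password, cost 04 and salt are made up for this demo).
my $made = crypt('constructed-pass', '$2a$04$abcdefghijklmnopqrstuu');
if (parse_bcrypt($made)) {
    print "right password: ", check_password('constructed-pass', $made), "\n";
    print "wrong password: ", check_password('something-else', $made), "\n";
} else {
    print "this system's crypt(3) has no bcrypt support\n";
}
```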

