Re: [Dbmail-dev] crypt pw comparison.

Wed, 2 Jun 2004 23:39:38 +0200 (CEST) 

Sorry, I didn't think that through much - you're using php, not
hacking dbmail.  :)  Just use php's crypt() function.  It will
support md5 hash's if the host OS does (and the CRYPT_MD5 constant
is set if that's the case).


---- Original Message ----
From: Jesse Norell <dbmail-dev@dbmail.org>
To: dbmail-dev@dbmail.org
Subject: Re: [Dbmail-dev] crypt pw comparison.
Sent: Wed,  2 Jun 2004 15:36:01 -0600 (MDT)

> 
> php's (and perl's) md5() is just an md5 digest - in dbmail,
> look for a makemd5() function and you're set.
> 
> 
> ---- Original Message ----
> From: Micah <dbmail-dev@dbmail.org>
> To: Jesse Norell <[EMAIL PROTECTED]>, DBMAIL Developers Mailinglist
> <dbmail-dev@dbmail.org>
> Subject: Re: [Dbmail-dev] crypt pw comparison.
> Sent: Wed, 2 Jun 2004 14:22:52 -0700
> 
> > Okay. Thanks, now I have to figure out how to convert the hex string that 
> > the 
> > php md5() function returns into something that I can compare with. I have a 
> > funny feeling I'm going to end up writing my own md5 routine. 
> > 
> > -Micah 
> > 
> > 
> > On Wednesday 02 June 2004 02:00 pm, Jesse Norell wrote:
> > > > Yet, the auth function in mysqlauth.c uses the password as the salt:
> > > >
> > > > -- snip --
> > > > else if ( strcasecmp(__auth_row[2], "crypt") == 0)
> > > >     {
> > > >       trace (TRACE_DEBUG,"auth_validate(): validating using crypt()
> > > > encryption");
> > > >       is_validated = (strcmp( (const char *) crypt(password,
> > > > __auth_row[1]), __auth_row[1]) == 0) ? 1 : 0;
> > > >     }
> > > > -- snip --
> > > >
> > > > or am I misreading this?
> > >
> > >   Nope, that's indeed how it works.  The same thing works with md5 hash
> > > passwords, as the first 8 chars are the salt (and the same crypt()
> > > function handles them both).
> > >
> > >
> > > --
> > > Jesse Norell
> > >
> > > [EMAIL PROTECTED] is not my email address;
> > > change "administrator" to my first name.
> > > --
> > >
> > > _______________________________________________
> > > Dbmail-dev mailing list
> > > Dbmail-dev@dbmail.org
> > > http://twister.fastxs.net/mailman/listinfo/dbmail-dev
> > _______________________________________________
> > Dbmail-dev mailing list
> > Dbmail-dev@dbmail.org
> > http://twister.fastxs.net/mailman/listinfo/dbmail-dev
> > 
> -- End Original Message --
> 
> 
> --
> Jesse Norell
> 
> [EMAIL PROTECTED] is not my email address;
> change "administrator" to my first name.
> --
> 
> _______________________________________________
> Dbmail-dev mailing list
> Dbmail-dev@dbmail.org
> http://twister.fastxs.net/mailman/listinfo/dbmail-dev
> 
-- End Original Message --


--
Jesse Norell

[EMAIL PROTECTED] is not my email address;
change "administrator" to my first name.
--

Reply via email to