Re: Fwd: MD5 hash question

Thu, 06 Jul 2000 12:53:47 -0700 


In a message dated: Thu, 06 Jul 2000 14:27:19 CDT
Thomas Charron said:

>  Actually, scratch that, I was on crack.  After looking, we're using SHA1 
>digests, *NOT* MD5.  Ryan, crack me in the head later..
>
>  In our case, we're using Digests, which I suspect is a little different from
> 
>what Paul is trying to do.  If you're interested in the Digests, which can be 
>used for authentication, take a look at Digest::MD5.

Actually, I am using the Crypt-PasswdMD5-1.0 module which is dependant upon 
the Digest::MD5 module.  I'm just not sure how I'd go about creating a 
password.  Would this suffice:

        #!/usr/bin/perl 

        my ($password) = shift;
        my (@salt) = ('a..z','A..Z','0..9','.','/');    # Legal salt characters

        # need a 12 character salt (according to Niall :)
        
        $salt = int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) . 
                int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) . 
                int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) . 
                int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) ;

        $cryptedpassword = unix_md5_crypt($password, $salt); 

Creating the salt is what seems to be eluding me.  Somewhere for a normal
DES/unix password I came up with this algorithm:

        my (@salt) = ('a..z','A..Z','0..9','.','/');    # Legal salt characters
        $salt = rand(@salt) . rand(@salt);

Which doesn't seem to make sense, since you want the salt to be a 2 character 
string, and rand seems to be returning a float.  Which, if appended together, 
results in a mess.

Ironically, it seems to work.  Also, according to the code in the 
Crypt::PasswdMD5 module, the salt can only be 8 characters.

So, I guess at this point, I need to ask, How do I do this :)


-- 
Seeya,
Paul
----
        "I always explain our company via interpretive dance.
             I meet lots of interesting people that way."
                                          Niall Kavanagh, 10 April, 2000

         If you're not having fun, you're not doing it right!



**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************

Reply via email to