Quoting Paul Lussier <[EMAIL PROTECTED]>:
> Actually, I am using the Crypt-PasswdMD5-1.0 module which is dependent upon
> the Digest::MD5 module.  I'm just not sure how I'd go about creating a 
> password.  Would this suffice:
>       #!/usr/bin/perl 
> 
>       my ($password) = shift;
>       my (@salt) = ('a..z','A..Z','0..9','.','/');    # Legal salt characters
> 
>       # need a 12 character salt (according to Niall :)
>       
>       $salt = int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) . 
>               int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) . 
>               int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) . 
>               int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) ;
>       $cryptedpassword = unix_md5_crypt($password, $salt); 

  After additional reading, yes, this will work, however, only pass it an 8 
character salt.  The module does a $salt = substr($salt, 0, 8); so providing 
more is useless.  In the case of this module, it's an 8 char salt.


> Creating the salt is what seems to be eluding me.  Somewhere for a normal
> DES/unix password I came up with this algorithm:
>       my (@salt) = ('a..z','A..Z','0..9','.','/');    # Legal salt characters
>       $salt = rand(@salt) . rand(@salt);
> Which doesn't seem to make sense, since you want the salt to be a 2 character
> string, and rand seems to be returning a float.  Which, if appended together,
> results in a mess.

  I believe that rand(@thing) equates to doing a $thing(rand($#thing)).  In any 
case, yes, this is correct..


> Ironically, it seems to work.  Also, according to the code in the 
> Crypt::PasswdMD5 module, the salt can only be 8 characters.

  Yep, and looking at the source of the module, it only uses 8.  Passing more 
than 8 gets chopped..

> So, I guess at this point, I need to ask, How do I do this :)

  I can now see the confusion.  The crypt that uses MD5 doesn't just use an MD5 
digest.  It uses the digest of the digest recursively 1000 times.  See this 
snippet from what the module actually does:

    for ($i = 0; $i < 1000; $i++) {
        $ctx1 = new MD5;
        if ($i & 1) { $ctx1->add($pw); }
        else { $ctx1->add(substr($final, 0, 16)); }
        if ($i % 3) { $ctx1->add($salt); }
        if ($i % 7) { $ctx1->add($pw); }
        if ($i & 1) { $ctx1->add(substr($final, 0, 16)); }
        else { $ctx1->add($pw); }
        $final = $ctx1->digest;
    }

  Essentially, it digests it 1000 times, combining digests of the salt, the 
password, and recursively itself.  Jesus is it ugly and wicked overkill..  ;-P

  To answer your question, this snippet would work fine:

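        #!/usr/bin/perl 
        use strict;
        use warnings;
        use Crypt::PasswdMD5;    # exports unix_md5_crypt

        my ($password) = shift;
        my (@salt) = ('a'..'z','A'..'Z','0'..'9','.','/');    # Legal salt characters
        my $FullSalt = '';

        # Build the 8 character salt one character at a time.  rand(@salt)
        # returns a float, so use it as an index into the array.
        for(my $i = 0; $i < 8;$i++)
        {       
          $FullSalt .= $salt[rand(@salt)];
        }

        my $cryptedpassword = unix_md5_crypt($password, $FullSalt); 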

  NOT tested, but it's basically the idea that you had earlier..

--- 
Thomas Charron
<< Wanted: One decent sig >>
<< Preferably little used >>
<< and stored in garage.  >>
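
Added example (not part of the original message and not code from Crypt::PasswdMD5): a salt generator that indexes the legal-character array rather than concatenating the floats rand() returns, a check that the module ignores everything past the 8th salt character, and verification against a stored hash. The names make_salt and check_password, the sample password, and the use of /dev/urandom in place of rand() are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::PasswdMD5;    # exports unix_md5_crypt, the function discussed above

# The 64 legal salt characters.  Note the ranges are 'a'..'z', not 'a..z'.
my @legal = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# Hypothetical helper: build a salt of $len legal characters.
# Random bytes come from /dev/urandom (swapped in for rand() here); each byte
# is reduced mod 64 and used as an array index, so the result is a string of
# characters and not a run of numbers.
sub make_salt {
    my ($len) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $bytes, $len);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $len;
    return join '', map { $legal[ ord($_) % @legal ] } split //, $bytes;
}

# Hypothetical helper: check a candidate password against a stored
# "$1$salt$hash" string.  unix_md5_crypt strips the "$1$" prefix and takes the
# salt up to the next "$", so the stored string can be passed as the salt.
sub check_password {
    my ($candidate, $stored) = @_;
    return unix_md5_crypt($candidate, $stored) eq $stored;
}

my $password = 'correct horse';    # constructed sample input

# A 12 character salt and its first 8 characters must give the same result,
# because the module does substr($salt, 0, 8).
my $salt12 = make_salt(12);
my $hash12 = unix_md5_crypt($password, $salt12);
my $hash8  = unix_md5_crypt($password, substr($salt12, 0, 8));

print "salt passed in : $salt12\n";
print "salt stored    : ", (split /\$/, $hash12)[2], "\n";
print "crypted        : $hash12\n";
print "12 vs 8 chars  : ", ($hash12 eq $hash8 ? "identical" : "different"), "\n";
print "right password : ", (check_password($password, $hash12) ? "accepted" : "rejected"), "\n";
print "wrong password : ", (check_password('wrong guess', $hash12) ? "accepted" : "rejected"), "\n";
```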
