In a message dated: Thu, 06 Jul 2000 15:19:40 CDT
Thomas Charron said:
>Quoting Paul Lussier <[EMAIL PROTECTED]>:
>> Actually, I am using the Crypt-PasswdMD5-1.0 module which is dependant upon
>> the Digest::MD5 module. I'm just not sure how I'd go about creating a
>> password. Would this suffice:
>> #!/usr/bin/perl
>>
>> my ($password) = shift;
>> my (@salt) = ('a..z','A..Z','0..9','.','/'); # Legal salt characters
>>
>> # need a 12 character salt (according to Niall :)
>>
>> $salt = int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) .
>> int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) .
>> int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) .
>> int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) ;
>> $cryptedpassword = unix_md5_crypt($password, $salt);
>
> After additional reading, yes, this will work, however, only pass it an 8
>character salt. The module does a $salt = substr($salt, 0, 8); so providing
>more is useless. In the case of this module, it's an 8 char salt.
Actually, this isn't exactly the way you need to do it. Thanks to Karl for
pointing out the error of my ways.
First, the line:
my (@salt) = ('a..z','A..Z','0..9','.','/');
should be:
my (@salt) = (a..z,A..Z,0..9,'.','/');
and the line:
$salt = int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) .
int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) .
int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) .
int(rand(@salt)) . int(rand(@salt)) . int(rand(@salt)) ;
should be:
$salt .= $salt[rand(@salt);
wrapped in a for loop thusly:
for ($i=0;$i < 8;$i++) {
$salt .= $salt[rand (@salt)];
}
The fist line was incorrectly defined as a 5 element array containing the
strings 'a..z', 'A-Z', '0..9, '.', and '/'. The single quote marks around the
character ranges defined them as strings o 4 characters each, which worked,
but isn't the intention. removing the quote marks creates a 64 element array
containing all the lowercase, uppercase, and numerical characters, plus the
period and the slash.
The second line which concatenated the return from the multiple calls to rand
also wasn't what was needed. What I needed was to randomly grab 1 element of
the 64 element array 8 times, and concatenate those into a singe 8 character
string. What I was doing was randomly generating 12 numbers (4 too many)
between the lower and upper bounds determined by 0 and the number of elements
in array, taking the integer portion, and cramming those numbers together.
Granted, this *does* work, but you end up with a significantly smaller
possible number of salts to use.
The new script looks like this:
#!/usr/bin/perl
use Crypt::PasswdMD5;
my ($password) = shift;
my (@salt) = (a..z,A..Z,0..9,'.','/'); # Legal salt characters
my ($salt);
for ($i=0;$i < 8;$i++) {
$salt .= $salt[rand @salt];
}
$cryptedpassword = unix_md5_crypt($password, $salt);
Thanks a lot both Karl and Tom.
--
Seeya,
Paul
----
"I always explain our company via interpretive dance.
I meet lots of interesting people that way."
Niall Kavanagh, 10 April, 2000
If you're not having fun, you're not doing it right!
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
