On Fri, Feb 21, 2014 at 10:45:29AM -0600, Matthew Weigel wrote:
> On 2014-02-21 9:24, Matthew Weigel wrote:
> >On 2014-02-21 5:09, Joel Carnat wrote:
> >
> >Here is a short
> >script that should run fine on a stock OpenBSD machine to generate a
> >bcrypt hash suitable for the userPassword attribute of ldapd.
>
> Nope nope nope. That script is incorrect in a couple of ways. Most
> significantly it leaks the first two bits of the user's password, because I
> didn't understand how to pass the salt correctly. I don't know if anyone
> actually WANTS a corrected version of the script, but I can't leave the
> uncorrected one out there.
>
> #! /usr/bin/perl
> use strict;
> use warnings;
>
> # Read one cleartext password per line, print one bcrypt hash per line.
> while (<>) {
>     my $salt = '';
>     my $new_pw = $_;
>     chomp($new_pw);
>
>     # bcrypt's own base64 alphabet (not the RFC 4648 ordering).
>     my @chars = split //,
>         "./ABCDEFGHIJKLMN" .
>         "OPQRSTUVWXYZabcd" .
>         "efghijklmnopqrst" .
>         "uvwxyz0123456789";
>
>     # 21 characters carrying 6 bits each ...
>     for (my $i = 0; $i < 21; $i++) {
>         $salt .= $chars[int(rand($#chars + 1))];
>     }
>
>     # ... plus a 22nd character that carries only 2 bits (index 0, 16,
>     # 32 or 48), for 128 bits of salt in total.
>     $salt .= $chars[int(rand(4)) * 16];
>
>     my $rnd_salt = '$2a$08$' . $salt;   # cost factor 8
>
>     my $hash = crypt($new_pw, $rnd_salt);
>     print("$hash\n");
> }
>
Honestly, why are you not using encrypt(1)?
echo -n '{CRYPT}'; encrypt password
{CRYPT}$2a$06$A2vVAo7wVbIiGNjcbBkfNeRXO6TtCe/MA0TVhdu6qUpsy0bMI5St2
Much easier.
--
:wq Claudio
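As an added example, not posted by anyone in this thread, here is Python that builds the same '$2a$NN$' + 22-character setting string the quoted script assembles by hand, and shows in code why its 22nd character may only be '.', 'O', 'e' or 'u': bcrypt keeps 128 bits of salt, so the low 4 bits of that character are discarded. The alphabet and the check_salt/decode_salt helpers are written here from the bcrypt setting-string format; they are not taken from the thread or from encrypt(1).

```python
import os
import re

# bcrypt's salt alphabet: "./" first, then A-Z, a-z, 0-9 (not RFC 4648 order).
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
LAST_CHAR_OK = {BCRYPT_B64[i] for i in (0, 16, 32, 48)}  # ".", "O", "e", "u"

# setting string, optionally followed by the 31-character hash part
SETTING_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$([./A-Za-z0-9]{22})(?:[./A-Za-z0-9]{31})?$")


def encode_salt(raw: bytes) -> str:
    """Encode 16 random bytes into bcrypt's 22-character salt field."""
    if len(raw) != 16:
        raise ValueError("bcrypt salts are exactly 16 bytes")
    # 128 bits, zero-padded on the right to 132 = 22 * 6 bits.
    v = int.from_bytes(raw, "big") << 4
    return "".join(BCRYPT_B64[(v >> (6 * (21 - i))) & 0x3F] for i in range(22))


def decode_salt(field: str) -> bytes:
    """Inverse of encode_salt; rejects a 22nd character with bits bcrypt would drop."""
    if len(field) != 22 or any(c not in BCRYPT_B64 for c in field):
        raise ValueError("salt field must be 22 bcrypt-base64 characters")
    v = 0
    for c in field:
        v = (v << 6) | BCRYPT_B64.index(c)
    if v & 0xF:
        # The low 4 bits of the last character are padding. crypt(3) ignores
        # them silently, so a salt written with a random 22nd char is not the
        # salt it looks like; refuse it instead of guessing.
        raise ValueError("last salt char must be one of " + "".join(sorted(LAST_CHAR_OK)))
    return (v >> 4).to_bytes(16, "big")


def make_salt(cost: int = 8) -> str:
    """Build a '$2a$NN$' + salt setting string as crypt(3) expects it."""
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return "$2a$%02d$" % cost + encode_salt(os.urandom(16))


def check_salt(setting: str) -> bool:
    """True if a setting (or full hash) string is well formed with no stray salt bits."""
    m = SETTING_RE.match(setting)
    if not m:
        return False
    try:
        decode_salt(m.group(2))
    except ValueError:
        return False
    return True
```

check_salt() accepts the full 60-character output of encrypt(1) as well, so it can be run over existing userPassword values to find salts that were generated with a random 22nd character.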