Hmmm mandrake 8 uses a different algorithm... not md5... outputs 34 
characters, $ and / included (i think DES outputs alpha-numeric only. not 
sure though). I sent an e-mail to a mandrake mailing list, until then here's 
what I wrote before I actually looked at my /etc/shadow file. Should work for 
other distros...

On Thursday 04 October 2001 09:41 pm, you wrote:
> First off, if you don't already know, the linux passwords are stored in the
> /etc/passwd file (unless you have a shadow suite installed, in which case
> /etc/shadow would be a good bet.) Basing this on a shadow file, the file is
> a text document with one user per line. The entries are stored in the
> following format:
> username:passwd:last:may:must:warn:expire:disable:reserved. All you really
> need for changing the password is the passwd section, although the other
> sections could be useful.
> The password is not stored as plaintext, has been crypted (may be a new
> word...). Now, if you aren't familier with crypt, it is based on the DES,
> which is a symetrical algorithm. The password (called salt in this case) is
> a two character string chosen from [a-zA-Z0-9./]. This means there are
> (getting calculator out...) ((2)26+10+2)squared=4096 possible versions of
> the string.
> Now I don't know if a different salt is used for each user or if it is
> uniform throughout. I'll put together a script that crypts my password with
> every salt string possible and checks it against my shadow file, then tries
> that salt with other passwords on my box. Fun project.
> So basically, you would have to find the correct salt, crypt the new
> password, then use PHP's file functions to manipulate the passwd/shadow
> file- which brings up yet another problem- security. Do you really want to
> give PHP access to your passwd/shadow file??? Also, if I were you I would
> verify their old password too... just in case bob tries to change sue's
> password.
> If anything in here is outdated or just plain wrong please tell me.
> Evan Nemerson
> PS i thought /usr/bin/md5 should exist so here:
> #!/usr/local/bin/php -q
> <?php
> unset($argv[0]);
> echo md5(trim(implode(" ",$argv)))."\n";
> ?>
> On Thursday 04 October 2001 07:28 pm, you wrote:
> > What is the best way to change linux passwords using a web .PHP
> > interface? I currently allow FTP access to php enabled webhosting sites;
> > which use safe mode, thus use real linux accounts.
> >
> > Thus far I thought I would:
> >
> > Write a real short C program which would call allow to go
> >         setpasswd <username> <passwd>
> >         passwd could perhaps be the crypt() version to provide better
> > security? it would just call passwd, and ensure that username is not
> > 'root' and a few other accounts ;)
> >
> > Then I would put that program within the directory of executables allowed
> > in safe mode. And just have a plain http post form to update the
> > password, running over HTTPS.
> >
> > Does this seem a good plan ... or are there better?
> >
> > It also begs the question; how do I authenticate an account using php ...
> > to login to their 'change password' feature? I have already spent alot of
> > time trying to merge password files for different uses; Windows
> > shares, Linux ones, for samba, and this and that, so it'd be nice to now
> > have yet another passwd file :)
> >
> > Siggy
#!/usr/local/bin/php -q


$password["plain"] = "plaintext password here. sorry no example today ;)";
$password["cipher"] = "and the ciphertext version here from the /etc/shadow or /etc/passwd file";

$chars = Array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9","/",".");

foreach($chars as $alpha) {
	foreach($chars as $beta) {

foreach($slt as $salt){
	if($done==0) {
		if($cipher == $password["cipher"]) {
			echo "SALT: $salt\n";
echo "\n"; ?>
PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to