Re: [PHP] Re: PHP Crypt on MacOSX

[Kris]

Galen P.Zink wrote:
Kris,
I doubt there's no way to do this under OS X. Maybe by default, you 
have a curve ball to deal with. But considering the kernel is open 
source, you could make this OS do anything... literally :)
That is how I feel as well.  Being a long-time *nix/BSD user.. I have 
heard it before and never believe it cant be done.  I remember back on 
the C64, they said the computer would not support a 9600BAUD modem, then 
one day I am plugging one into my cartridge port and getting blazing 
speeds (LOL This was in the eighties obviously)...

A second problem, and why I want to create some PHP to mimic crypt() 
unix style passwords without actually using crypt() is due to the fact 
that this box is not my box and so the option of modifying the OS is 
currently not an option.  Consider this thread dead unless someone else 
has a solution.  Thanks for thinking it through.  Your time has been 
greatly appreciated.

A side note; I am amazed that no one else on this list can or is jumping 
into this discussion about using PHP to mimic PHP's crypt() function in 
order to create unix style MD5 passwords.  I know it has been done 
before, and can be done probably many different ways.  The idea of using 
system() or exec() to call MD5 is an option I will be looking into, 
however, I know there must be another option.  I have considered 
rewriting my own version of crypt() to not use libmcrypt but the 
information on the C-like Zend language used to write your own embedded 
PHP functions is a bit vague in regards to me getting over the learning 
curve.  My other option is to just move this to another server and then 
my existing crypt() based code will resume functioning as expected.

I dont except a reply from Rasmus or Zeev, as they are extremely busy 
guys, however, I won't stop them if they are interested in this thread.

Help me Obi Won, you are my only hope. LOL
Take Care,
Kris
[EMAIL PROTECTED]
Where is your PHP package coming from? If you've already been using 
the http://entropy.ch binary, maybe you should try compiling your own. 
Or get (and either compile yourself or just install binaries) it via 
fink (http://fink.sf.net/) which often gives you different options for 
libraries to use and such during install. Or any number of other 
options. I wonder if there is some build option or something setup in 
the configuration process that affects this. I seriously wonder how 
libmcrypt could have this sort of limitation under OS X, but I am not 
that type of programmer.

I would encourage you to play with this and post your results to the 
php-general list as well as letting me know how it goes.

-Galen
On Nov 3, 2004, at 2:31 PM, Kris wrote:
Galen,
Thank you for the response.  I understand where you are coming from; 
your use of MD5 hash.  In short, my goal is to recreate crypt()'s 
method of creating unix style passwords without using PHP's 
built-in crypt() function... (as seen in /etc/shadow on a *nix 
server, ie. $1$sed$blaaah instead of standard MD5 hash which 
does not use $1$$ to store a seed.)

Ultimately, my problem exists related to the server I am using, where 
the server's PHP crypt (using libmcrypt) returns with the fact that
CRYPT_MD5 = 0 .

In researching, I have been told that this is a limitation of Mac OS 
X, that there is no way to have libmcrypt support both DES and MD5 
on this OS.. but I know there must be a way because it is easy to 
have a FreeBSD server use both DES and MD5.

I had an old BSD box online for years.. where old account passwords 
in /etc/shadow were encrypted via two character salt DES.  One day, I 
made a simple change to the box's config and then any new accounts 
created would use MD5.  The coolest part is that any old passwords 
in DES could remain DES, and BSD's libmcrypt could determine if a 
passwd in /etc/shadow was DES or MD5 and handle accordingly.  
Obviously, this kept me from having to call clients and change their 
password so as to re-encrypt their respective /etc/shadow entry into 
MD5.

I hope this email better explains my situation.   I'll check out man 
md5 on the Mac box and see what I can figure out.  In the meantime, 
if this email helps to generate any ideas which may be helpful in my 
current quest, your input would be most appreciated.

Thanks again,
Kris
Galen P.Zink wrote:
Kris,
I'm not quite sure what you mean here. When I work with md5, I 
always have considered it to work like this:

string - md5 = hash
On any system, the md5 binary, md5 php function, and MySQL md5 (in 
most cases - though in certain situations you could have problems if 
you have a field of the wrong type or length) all work exactly alike.

This is how I have always thought of md5 and considered it to be 
standard and I've never had a problem with it. I've made dozens of 
web and other php/mysql applications.

There have never been seeds or anything else involved in my 
experiences. I do know that in some cases a salt is setup on 
certain unix 

Re: [PHP] Re: PHP Crypt on MacOSX

[Kris]

Galen,
Thank you for the response.  I understand where you are coming from; 
your use of MD5 hash.  In short, my goal is to recreate crypt()'s method 
of creating unix style passwords without using PHP's built-in crypt() 
function... (as seen in /etc/shadow on a *nix server, ie. 
$1$sed$blaaah instead of standard MD5 hash which does not use 
$1$$ to store a seed.)

Ultimately, my problem exists related to the server I am using, where 
the server's PHP crypt (using libmcrypt) returns with the fact that
CRYPT_MD5 = 0 .

In researching, I have been told that this is a limitation of Mac OS X, 
that there is no way to have libmcrypt support both DES and MD5 on 
this OS.. but I know there must be a way because it is easy to have a 
FreeBSD server use both DES and MD5.

I had an old BSD box online for years.. where old account passwords in 
/etc/shadow were encrypted via two character salt DES.  One day, I made 
a simple change to the box's config and then any new accounts created 
would use MD5.  The coolest part is that any old passwords in DES 
could remain DES, and BSD's libmcrypt could determine if a passwd in 
/etc/shadow was DES or MD5 and handle accordingly.  Obviously, this kept 
me from having to call clients and change their password so as to 
re-encrypt their respective /etc/shadow entry into MD5.

I hope this email better explains my situation.   I'll check out man md5 
on the Mac box and see what I can figure out.  In the meantime, if this 
email helps to generate any ideas which may be helpful in my current 
quest, your input would be most appreciated.

Thanks again,
Kris
Galen P.Zink wrote:
Kris,
I'm not quite sure what you mean here. When I work with md5, I always 
have considered it to work like this:

string - md5 = hash
On any system, the md5 binary, md5 php function, and MySQL md5 (in 
most cases - though in certain situations you could have problems if 
you have a field of the wrong type or length) all work exactly alike.

This is how I have always thought of md5 and considered it to be 
standard and I've never had a problem with it. I've made dozens of 
web and other php/mysql applications.

There have never been seeds or anything else involved in my 
experiences. I do know that in some cases a salt is setup on certain 
unix systems. I don't know a lot more about this and I don't know how 
it applies to your situation. I would encourage you to look at man 
md5 in the command line under OS X which documents OpenSSL and md5 
well. I imagine there is a function there somewhere to work with the 
salt or seed or whatever you have going.

If you can give me some specific examples of your situation I might be 
able to help more, but I would encourage you to poke a little deeper 
yourself first. Let me know how it goes.

-Galen
On Nov 3, 2004, at 11:22 AM, Kris wrote:
Hi Galen,
Yes, OSX seems nice, however, still having a problem with MD5 on the 
box.

When I use MySQL's MD5('$password'), it generates MD5 but not in the 
traditional *nix manner, ie. $1$hy67ju86h$nughjgh86fgasdf.  Instead I 
seem to just get a hash, no $1$blahblahseed$, just a long string (MD5 
hash I presume).

My original problem is that, on my development server, I have MD5 
encrypted passwords in the manner shown above $1$yadayada$ I 
didnt see in the php MD5 how to recreate this without using crypt().  
I can get the seed $1$123456789$ into a $var but how do you get MD5 
to use the seed from a variable to compare db password against 
password data from a form?  Can you help?  Is this possible?

Thanks,
Kris
Galen wrote:
I use md5 all the time and OS X is my web development staging 
environment! I write and test all my scripts on OS X and then send 
off to the server. I don't use crypt, but I have never seen any 
problems going between the two. apache, php, mysql, rsync, ssh, scp, 
everything *nixy plus a nice interface makes OS X the ideal web 
development environment - at least for me.

Not only can MySQL do md5, there is an md5 function in php which 
I've used many times under OS X no problem:
http://us2.php.net/md5

If that wasn't enough, OS X ships with an md5 binary that's in the 
usual file path so typing md5 in the command line will pull it up 
and man md5 gives all the info you could need on using it. I don't 
encourage the use of the command line version of md5 for php because 
it will be slower than the built in php function, but it is there!

-Galen
On Oct 25, 2004, at 10:38 AM, Daniel Schierbeck wrote:
Kris wrote:
I recently moved a site to a MacOSX based Apache/PHP server.  
Apparently crypt only uses DES.  I read somewhere that there is 
no way to get it use use MD5, which sounds hard to beleive 
considering the OS is BSD based.
So.. here is my dilema.. My db contains usernames and passwords.  
The passwords are MD5 $1ljdslkjdsf$lkjdsaflkjdsf (created by 
crypt().)  So on this new box, new accounts created get DES 
passwords.  I just as well prefer to not see any DES encryptions 
used in this db.

Re: [PHP] Re: PHP Crypt on MacOSX

[Galen]

I use md5 all the time and OS X is my web development staging 
environment! I write and test all my scripts on OS X and then send off 
to the server. I don't use crypt, but I have never seen any problems 
going between the two. apache, php, mysql, rsync, ssh, scp, everything 
*nixy plus a nice interface makes OS X the ideal web development 
environment - at least for me.

Not only can MySQL do md5, there is an md5 function in php which I've 
used many times under OS X no problem:
http://us2.php.net/md5

If that wasn't enough, OS X ships with an md5 binary that's in the 
usual file path so typing md5 in the command line will pull it up and 
man md5 gives all the info you could need on using it. I don't 
encourage the use of the command line version of md5 for php because it 
will be slower than the built in php function, but it is there!

-Galen
On Oct 25, 2004, at 10:38 AM, Daniel Schierbeck wrote:
Kris wrote:
I recently moved a site to a MacOSX based Apache/PHP server.  
Apparently crypt only uses DES.  I read somewhere that there is no 
way to get it use use MD5, which sounds hard to beleive considering 
the OS is BSD based.
So.. here is my dilema.. My db contains usernames and passwords.  The 
passwords are MD5 $1ljdslkjdsf$lkjdsaflkjdsf (created by crypt().)  
So on this new box, new accounts created get DES passwords.  I just 
as well prefer to not see any DES encryptions used in this db.
Any Mac OSX'ers in here that may have a solution?  All my users 
recreating new passwords for their account is not an option.
Thanks for any ideas,
Kris
Can't you just use the db's (i assume you use MySQL, most do) built-in 
MD5 function?

	SELECT id, username FROM users WHERE username LIKE 'myuser' AND 
password = MD5('mypass') LIMIT 1

--
Daniel Schierbeck
Help spread Firefox (www.getfirefox.com): 
http://www.spreadfirefox.com/?q=user/registerr=6584

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php