that's what I'm doing, but crypt() will give different results dependant on
the size and composition of the salt. So I need to truncate it to the proper
length. I tried it both ways, and it didn't work with the whole stored PW.
-Micah
On Wednesday 02 June 2004 04:24 pm, Feargal Reilly wrote:
On Wed, 2 Jun 2004 16:02:45 -0700
Micah <[EMAIL PROTECTED]> wrote:
> Thanks Paul and Jesse,
>
> I got it.. the php crypt() is the one to use.. in case anyone
> else is hacking in php, here's what I found to work:
>
> $pwtype = the type as recorded in the encryption type field in
> the user table
ort md5 hash's if the host OS does (and the CRYPT_MD5 constant
> is set if that's the case).
>
>
> Original Message
> From: Jesse Norell
> To: dbmail-dev@dbmail.org
> Subject: Re: [Dbmail-dev] crypt pw comparison.
> Sent: Wed, 2 Jun 2004 15:36:01 -0600
To: dbmail-dev@dbmail.org
Subject: Re: [Dbmail-dev] crypt pw comparison.
Sent: Wed, 2 Jun 2004 15:36:01 -0600 (MDT)
>
> php's (and perl's) md5() is just an md5 digest - in dbmail,
> look for a makemd5() function and you're set.
>
>
> Original Messag
php's (and perl's) md5() is just an md5 digest - in dbmail,
look for a makemd5() function and you're set.
Original Message
From: Micah
To: Jesse Norell <[EMAIL PROTECTED]>, DBMAIL Developers Mailinglist
Subject: Re: [Dbmail-dev] crypt pw comparison.
Sent: Wed
Okay. Thanks, now I have to figure out how to convert the hex string that the
php md5() function returns into something that I can compare with. I have a
funny feeling I'm going to end up writing my own md5 routine.
-Micah
On Wednesday 02 June 2004 02:00 pm, Jesse Norell wrote:
> > Yet, the
> Yet, the auth function in mysqlauth.c uses the password as the salt:
>
> -- snip --
> else if ( strcasecmp(__auth_row[2], "crypt") == 0)
> {
> trace (TRACE_DEBUG,"auth_validate(): validating using crypt()
> encryption");
> is_validated = (strcmp( (const char *) crypt(password,
des-crypt uses the first two chars from the encrypted char[13] string as
salt.
md5-crypt (a gnu extension) uses as slightly different approach
Micah wrote:
When comparing a supplied password with a stored pw using crypt(), what salt
should I use? Doesn't this have to match the salt originally
Taking a look at the adduser code, it looks like a semi-random salt is being
used:
-- snip --
if (strncasecmp(argv[1], "{crypt:}", strlen("{crypt:}")) == 0)
{
/* encrypt using crypt() */
strcat(pw,crypt(&argv[1][strlen("{crypt:}")], cget_salt()));
useridnr = auth_adduser(ar
Hi again,
When comparing a supplied password with a stored pw using crypt(), what salt
should I use? Doesn't this have to match the salt originally used to generate
the crypt()'d password?
I haven't dealt with this function before. Sorry if it's a dumb question.
-Micah
10 matches
Mail list logo
