Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re: Re: MD5?

by pmme (Initiate)
on Sep 17, 2002 at 20:02 UTC ( #198615=note: print w/replies, xml ) Need Help??

in reply to Re: MD5?
in thread How to use MD5?

is there any reason why this wouldn't work then
#! /usr/bin/perl use Digest::MD5 qw(md5 md5_hex md5_base64); my $password = 'hello'; my $encrpass = md5_hex($password); system "adduser -p $encrpass bob";
I know its dodgy running system commands like that, but i stress i just knocked this up real quick to see if it would work.

When i try to log in as bob with the pass of hello, it won't let me in

Replies are listed 'Best First'.
Re: Re: Re: MD5?
by fokat (Deacon) on Sep 17, 2002 at 20:56 UTC
    The friendly crypt() function that you're likely to find in any *nix operating system, applies a (hopefully) cryptographically strong hashing function to the supplied password and salt. The general idea behind this, is converting the cleartext password you gave it into a hash (some people uses the term signature).

    With that hash, it is computationaly infeasible to find a strong-enough password. What this means in lay man terms, is that it is very hard to learn the original (cleartext) password out of the hash and salt that lives in /etc/passwd.

    I know of two common implementations of the crypt() functions: The DES based and the MD5 based. Newer systems tend to use the MD5 based crypt(), for a number of reasons.

    Note that the MD5-based crypt() is not the same as obtaining the hash of your password with Digest::MD5 or similar. The algorythm used internally by the MD5-based crypt() uses a number of transformations in which the MD5 algorythm is used, but is very different.

    Crypt::PasswdMD5 implements this algorythm in Perl, allowing you to reproduce the result of said crypt() functions in non-*nix systems or systems without a compatible crypt() implementation.


Re: Re: Re: MD5?
by mdillon (Priest) on Sep 17, 2002 at 20:13 UTC
    This sets the password to the hex-encoded MD5 digest of the password (which eventually gets encoded using some variant of crypt before making it into your /etc/passwd). So it would "work", except that instead of typing the actual password at the prompt, you'd need to type in the MD5 hash. I doubt this is what you want.
      not realy, so how would i get round this?
        That depends on how you're using the password. Are you trying to encrypt the password in Perl and then include it in a command line? If so, what is that command line? Specifically, are you going to be sticking the crypted password into a passwd file directly, using Perl, or are you using some other utility (like adduser or htpasswd) to modify the passwd file? What is the actual problem you're aiming to solve?

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://198615]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (2)
As of 2023-01-28 22:39 GMT
Find Nodes?
    Voting Booth?

    No recent polls found