sandhuperl has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I am trying to emulate Cisco PIX's password hash creation to create pre-set firewall configurations. Cisco PIX password hash is supposed to be md5 hash of the password string that is base64 encoded. Sample of the code to this in C is here:
http://www.hsc.fr/ressources/breves/pix_crack.html.en

When I try to do this in perl, I don't get the same result. Here's how I am trying to generate the hash in perl:
perl -MMIME::Base64 -mDigest::MD5 -e 'print encode_base64(Digest::MD5::md5("cisco"),"\n")'

The output is
"3+rxA5DlYK6nRcy6U+BE7Q=="

Compared to the perl output, Cisco PIX and couple of other utilities that emulate PIX, give this output:
"2KFQnbNIdI.2KYOU"

Can someone help me figure out why this difference between the two outputs?

Replies are listed 'Best First'.
Re: Creating base64 encoded MD5 hash
by almut (Canon) on Sep 26, 2009 at 00:41 UTC

    It doesn't really do base64 encoding in the usual sense, but rather only uses 24 bits of every 32 bit group of the md5 hash (thus the shorter length of the result). Also, it pads the input password with zeros (up to length 16), which produces a different md5 hash to start with.

    Anyway, here's a quick-n-dirty reimplementation of the C code in Perl: 

    #!/usr/bin/perl

use Digest::MD5;

my $passw = "cisco";

$passw .= "\0" x (16-length($passw));  # pad with zeros

my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr
+stuvwxyz";

sub pseudo_base64 {
    my $md5 = shift;
    my $s64 = "";
    for my $i (0..3) {
        my $v = unpack "V", substr($md5, $i*4, 4);
        for (1..4) {
            $s64 .= substr($itoa64, $v & 0x3f, 1);
            $v >>= 6;
        }
    }
    return $s64;
}

print pseudo_base64(Digest::MD5::md5($passw)),"\n";   # 2KFQnbNIdI.2KY
+OU

    [download]
[reply]
[d/l]
Re: Creating base64 encoded MD5 hash
by merlyn (Sage) on Sep 26, 2009 at 00:41 UTC
    Well, just experimenting with the "openssl" command shows me this: 
    % echo -n cisco | openssl -binary md5 | openssl base64
3+rxA5DlYK6nRcy6U+BE7Q==

    [download]
    which is the same thing you get. So somewhere, the description is not as they say. You'll have to investigate upstream.

    -- Randal L. Schwartz, Perl hacker

    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

[reply]
[d/l]

Back to Seekers of Perl Wisdom