From: "Matthew R. Heusser"
Subject: Help! Password Compares in FreeBSD
Date: Wed, 11 Nov 1998 16:14:07 -0500
Message-Id: <004601be0db8$e47578c0$47eb1bcc@XSTA71.pcr.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

Hello!

This is a question about validating passwords over the web via CGI, but I think any FreeBSD systems expert should be able to figure it out w/o knowing perl or CGI. Here goes ...

Right now, I have an HTML page running on a FreeBSD server. The HTML page accepts a username and password, and then calls a perl (CGI) process. The perl process finds the /etc/passwd file and parses it, searching for the username. When it finds the username, it grabs the encrypted password.

It then takes the 'guess' password, and crypts it as follows -

    $stringCipher = crypt($stringGuess, $stringTemp)

(Where $temp is the first two characters of the encrypted password)(*)

Then the following is executed: (pseudo code)

    If stringCipher equals stringCryptedPassword
        do_stuff
    else
        error_message

The code works fine under AIX, but bombs under FreeBSD.

(*) - The crypt-style is MD5, so I'm not sure if I should grab the first two characters of the encrypted password, as they all start "$1$"

-- I got the idea from "Programming Perl" under "Crypt", page 153. I've searched through "Perl CGI Programming", "Learning Perl", "An intro to Berkeley Unix", "Unix Admin. Guide for System V", as well as CGI FAQ, CGI-Security FAQ, and FreeBSD on-line docs. My conclusion is that the problem is OS or crypt-library specific (since it works on AIX)

Any ideas? If you could respond by e-mail (matt@pcr7.pcr.com) that would be greatly appreciated.

thanks,

/*---------------------------------------------------------------------*/
Matthew R. Heusser, PCR Inc.
E-mail: <Matt@pcr7.pcr.com>
Phone: (616)-554-1036
/*---------------------------------------------------------------------*/
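An added example, not part of the original message: a Perl sketch of salt handling for crypt(3) hashes that covers both the traditional two-character salt and the "$1$" MD5 layout the message mentions. The function names, the sample password and the salt "abcdefgh" are constructed for illustration, and the script assumes the platform's crypt(3) supports "$1$" hashes, as the FreeBSD server in the message does.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the salt "setting" portion of a stored crypt(3) hash.
#   Modular format:  $id$salt$digest  ->  "$id$salt$"   ($1$ means MD5)
#   Traditional DES: the first two characters.
sub salt_from_hash {
    my ($stored) = @_;
    return $1 if $stored =~ /^(\$[^\$]+\$[^\$]*\$)/;
    return substr($stored, 0, 2);
}

# Verify a guess against a stored hash.
# Empty or locked password fields ("*", "!...") never match.
sub check_password {
    my ($guess, $stored) = @_;
    return 0 if !defined $stored || $stored eq '' || $stored =~ /^[*!]/;
    my $cipher = crypt($guess, salt_from_hash($stored));
    # crypt() may return undef when the platform rejects the salt.
    return (defined $cipher && $cipher eq $stored) ? 1 : 0;
}

# Constructed sample data: an MD5-style hash made locally with a made-up salt.
my $stored = crypt('example-pass', '$1$abcdefgh$');
die "this platform's crypt(3) lacks \$1\$ MD5 support\n"
    unless defined $stored && $stored =~ /^\$1\$abcdefgh\$/;

printf "salt setting : %s\n", salt_from_hash($stored);
printf "right guess  : %d\n", check_password('example-pass', $stored);
printf "wrong guess  : %d\n", check_password('other-pass',   $stored);
printf "locked field : %d\n", check_password('example-pass', '*');

# The two-character salt from the message is "$1" for every MD5 hash. It
# carries none of the real salt, so the result cannot equal $stored.
my $two_char = crypt('example-pass', substr($stored, 0, 2));
printf "2-char salt  : %s\n",
    (defined $two_char && $two_char eq $stored) ? 'match' : 'no match';
```

Passing the whole stored hash as the second argument, crypt($guess, $stored), has the same effect as extracting the salt, because crypt(3) reads only the salt portion of that argument.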