Date:      Tue, 10 Jul 2001 08:23:47 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        Jim Weeks <jim@siteplus.net>
Cc:        stable@freebsd.org
Subject:   Re: Generating encrypted passwords
Message-ID:  <4.2.2.20010710081901.05a68008@192.168.0.12>
In-Reply-To: <Pine.BSF.4.21.0107100336560.1040-100000@veager.siteplus.net>
References:  <200107100306.NAA21657@lightning.itga.com.au>



What about a
srand (time ^ $$ ^ unpack "%L*", `ps -auxw | gzip`);

at the start of your program

and

for the salt, I use this to generate md5 salts which I think I got from 
cpan IIRC.

sub salt {
     local($salt);               # initialization
     local($i, $rand);
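     # The table needs exactly 64 entries: with 62, the mask $#itoa64 (61)
     # can never select an index that has bit 1 set.
     local(@itoa64) = ( '.', '/', '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63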

     warn "calculate salt\n" if $verbose > 1;
     # to64
     for ($i = 0; $i < 8; $i++) {
         $rand = rand(25*29*17 + $rand);
         $salt .=   $itoa64[$rand & $#itoa64];
     }
     warn "Salt is: $salt\n";

     return $salt;
}

At 03:45 AM 7/10/2001 -0400, Jim Weeks wrote:
>Here is one I wrote some time ago to allow clients to create a simple
>.htpasswd file.  I feed it Username: $Form{'login'},
>NewPass: $Form{'np'}, and VerifyPass: $Form{'vp'} from a web
>form.
>
>Maybe it will give you some ideas ;-)
>
>--
>Jim Weeks
>
>#!/usr/bin/perl
>
>if ($ENV{'REQUEST_METHOD'} eq   "GET") {
>     $buffer = $ENV{'QUERY_STRING'};
>}
>elsif ($ENV{'REQUEST_METHOD'} eq  "POST") {
>     read(STDIN,$buffer,$ENV{'CONTENT_LENGTH'});
>}
>@cgiPairs = split(/&/,$buffer);
>
>foreach $cgiPair (@cgiPairs){
>     ($name,$value) = split(/=/,$cgiPair);
>     $value =~ s/\+/ /g;
>     $value =~ s/%(..)/pack("c",hex($1))/ge;
>     $Form{$name} .= "\0" if (defined($Form{$name}));
>     $Form{$name} .= "$value";
>}
>undef $name; undef $value;
>
>print "Content-Type: text/html\n\n"; # Start HTML output.
>
>unless ($Form{'login'}) {
>print "No user name was entered";
>exit;
>}
>unless ($Form{'np'} && $Form{'vp'}) {
>print "Please enter your password in both boxes";
>exit;
>}
>if ($Form{'np'} ne $Form{'vp'}) {
>print "Passwords do not match";
>exit;
>         }
>else {
>
>@passset = ('a'..'z');
>         for ($i = 0; $i < 2; $i++) {
>                 $randum_num = int(rand($#passset + 1));
>                 $salt .= $passset[$randum_num];
>         }
>$htpass = crypt($Form{'np'}, "$salt");
>
>print "$Form{'login'}:";
>print "$htpass\n";
>}
>
>
>On Tue, 10 Jul 2001, Gregory Bond wrote:
>
> > I need to generate some encrypted passwords in a config file for an
> > application (i.e. not in /etc/master.passwd).
> >
> > AFAICT there are no utilities in FreeBSD 4 that will do this. So I whipped up a
> > 10-line perl script to build a random salt, get the password and call crypt().
> > This is OK, but uglier and harder than it needs to be (as I had to fossick
> > around a bit to find the right way to generate a salt.)
> >
> > Is this something worth adding to (e.g.) pw(8)?  If so, I can whip up some
> > patches.....
> >
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message
> >

--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Network Administration,     			  mike@sentex.net
Sentex Communications                 		  www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike
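
Added example, not part of the original message and not the poster's code: a salt generator for crypt() that reads the kernel random device instead of seeding rand(), plus a check of how many table slots a mask-based index can reach. The names random_salt, reachable_slots and md5_crypt are hypothetical; it assumes /dev/urandom exists and that the system crypt(3) understands the "$1$" MD5 format.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# crypt(3) salt alphabet: exactly 64 characters, so one 6-bit value
# maps to exactly one character.
my @ITOA64 = ('.', '/', '0' .. '9', 'A' .. 'Z', 'a' .. 'z');

# Return $len salt characters drawn from the kernel random device.
# Assumption: /dev/urandom is available on this system.
sub random_salt {
    my ($len) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $bytes, $len);
    close($fh);
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $len;
    # 256 is a multiple of 64, so masking a byte with 63 is unbiased.
    return join '', map { $ITOA64[$_ & 63] } unpack('C*', $bytes);
}

# Count how many slots "$x & ($size - 1)" can ever select. When $size
# is not a power of two, some slots of the table are never reached.
sub reachable_slots {
    my ($size) = @_;
    my %seen;
    $seen{ $_ & ($size - 1) } = 1 for 0 .. 255;
    return scalar keys %seen;
}

# Hash a password with an MD5-crypt setting string "$1$<salt>$".
# Assumption: crypt(3) on this host supports the "$1$" format.
sub md5_crypt {
    my ($password) = @_;
    my $setting = '$1$' . random_salt(8) . '$';
    return crypt($password, $setting);
}

printf "64-entry table: %d slots reachable\n", reachable_slots(64);
printf "62-entry table: %d slots reachable\n", reachable_slots(62);

# Constructed sample password, for illustration only.
my $hash = md5_crypt('constructed-example-password');
print defined $hash ? "$hash\n" : "crypt() has no \$1\$ support here\n";
```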

