Date: Tue, 10 Jul 2001 08:23:47 -0400 From: Mike Tancsa <mike@sentex.net> To: Jim Weeks <jim@siteplus.net> Cc: stable@freebsd.org Subject: Re: Generating encrypted passwords Message-ID: <4.2.2.20010710081901.05a68008@192.168.0.12> In-Reply-To: <Pine.BSF.4.21.0107100336560.1040-100000@veager.siteplus.ne t> References: <200107100306.NAA21657@lightning.itga.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
What about a srand (time ^ $$ ^ unpack "%L*", `ps -auxw | gzip`); at the start of your program and for the salt, I use this to generate md5 salts which I think I got from cpan IIRC. sub salt { local($salt); # initialization local($i, $rand); local(@itoa64) = ( '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63 warn "calculate salt\n" if $verbose > 1; # to64 for ($i = 0; $i < 8; $i++) { $rand = rand(25*29*17 + $rand); $salt .= $itoa64[$rand & $#itoa64]; } warn "Salt is: $salt\n"; return $salt; } At 03:45 AM 7/10/2001 -0400, Jim Weeks wrote: >Here is one I wrote some time ago to allow clients to create a simple >.htpasswd file. I feed it Username: $Form{'login'}, >NewPass: $Form{'np'}, and VerifyPass: $Form{'vp'} from a web >form. > >Maybe it will give you some ideas ;-) > >-- >Jim Weeks > >#!/usr/bin/perl > >if ($ENV{'REQUEST_METHOD'} eq "GET") { > $buffer = $ENV{'QUERY_STRING'}; >} >elsif ($ENV{'REQUEST_METHOD'} eq "POST") { > read(STDIN,$buffer,$ENV{'CONTENT_LENGTH'}); >} >@cgiPairs = split(/&/,$buffer); > >foreach $cgiPair (@cgiPairs){ > ($name,$value) = split(/=/,$cgiPair); > $value =~ s/\+/ /g; > $value =~ s/%(..)/pack("c",hex($1))/ge; > $Form{$name} .= "\0" if (defined($Form{$name})); > $Form{$name} .= "$value"; >} >undef $name; undef $value; > >print "Content-Type: text/html\n\n"; # Start HTML output. > >unless ($Form{'login'}) { >print "No user name was entered"; >exit; >} >unless ($Form{'np'} && $Form{'vp'}) { >print "Please enter your password in both boxes"; >exit; >} >if ($Form{'np'} ne $Form{'vp'}) { >print "Passwords do not match"; >exit; > } >else { > >@passset = ('a'..'z'); > for ($i = 0; $i < 2; $i++) { > $randum_num = int(rand($#passset + 1)); > $salt .= @passset[$randum_num]; > } >$htpass = crypt($Form{'np'}, "$salt"); > >print "$Form{'login'}:"; >print "$htpass\n"; >} > > >On Tue, 10 Jul 2001, Gregory Bond wrote: > > > I need to generate some encrypted passwords in a config file for an > > application (i.e. not in /etc/master.passwd). > > > > AFAICT there are no utilities in FreeBSD 4 that will do this. So I > whipped up a > > 10-line perl script to build a random salt, get the password and call > crypt(). > > This is OK, but uglier and harder than it needs to be (as I had to fossick > > around a bit to find the right way to generate a salt.) > > > > Is this something worth adding to (e.g.) pw(8)? If so, I can whip up some > > patches..... > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-stable" in the body of the message > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-stable" in the body of the message -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Network Administration, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20010710081901.05a68008>