[Canberra-pm] crypt behaviour

Alex Satrapa grail at goldweb.com.au
Tue Jun 5 20:38:28 PDT 2012


Ah, I found the Perl module of interest: Crypt::PasswdMD5

So rather than
$crypted = crypt('password', 'salt');

Use Crypt::PasswdMD5;
$crypted = unix_md5_crypt('password', 'salt');

But then you no longer have the protection of using a crypt feature that many people dont know about (say, the people migrating your software to Mac OS X or Windows) :)

Alex Satrapa | web.mac.com/alexsatrapa | Ph: 0407 705 332

On 06/06/2012, at 13:19, Adam Clarke <adam.clarke at strategicdata.com.au> wrote:

> From crypt(3) manpage on an old (Etch) Debian box ...
> 
> GNU EXTENSION
>       The glibc2 version of this function has the following  additional  fea‐
>       tures.   If  salt is a character string starting with the three charac‐
>       ters "$1$" followed by at most eight characters, and optionally  termi‐
>       nated  by  "$",  then instead of using the DES machine, the glibc crypt
>       function uses an MD5-based algorithm,  and  outputs  up  to  34  bytes,
>       namely  "$1$<string>$", where "<string>" stands for the up to 8 charac‐
>       ters following "$1$" in the salt, followed by 22 bytes chosen from  the
>       set [a–zA–Z0–9./].  The entire key is significant here (instead of only
>       the first 8 bytes).
> 
> On 06/06/2012, at 1:09 PM, Alex Satrapa wrote:
> 
>> According to http://www.perlmonks.com/?node_id=62392 there is a means to get crypt to use MD5 by providing an 8-byte salt preceded by $1$.
>> 
>> This doesn't work on Mac OS X or, as indicated on that page, under Active Perl for Windows.
>> 
>> Does anyone know where this MD5 magic behavior of crypt is documented?
>> 
>> Alex Satrapa | web.mac.com/alexsatrapa | Ph: 0407 705 332
>> _______________________________________________
>> Canberra-pm mailing list
>> Canberra-pm at pm.org
>> http://mail.pm.org/mailman/listinfo/canberra-pm
> 
> _______________________________________________
> Canberra-pm mailing list
> Canberra-pm at pm.org
> http://mail.pm.org/mailman/listinfo/canberra-pm


More information about the Canberra-pm mailing list