[ot] How to crypt the way htpasswd does...

["Martin A. Langhoff" <ma...@scim.net>]

hi,

    I need to add/change users in .htpasswd files from an embperl script
(as if that could save my OT'ness). Now for the life of me I can't
reproduce the crypting mechanism in htpasswd.

    I've tried all the combinations of salts and thing I could imagine,
but I lack a solid *nix background, so maybe I'm making a fool of myself
with this simple question.

    Funny thing is, both Perl and htpasswd man pages claim they are
crypting in the customary unix way. But I just can't make'em match!


    thanks


martin
--                                                         --
To understand recursion, one must first understand recursion.
--                                                         --
    - Martin Langhoff @ S C I M  Multimedia Technology -
      - http://www.scim.net      | God is real until  -
      - mailto:mlangho@scim.net  | declared integer   -

Re: [ot] How to crypt the way htpasswd does...

[Ken Williams <ke...@forum.swarthmore.edu>]

I think that even though this is labeled with [ot], it's sufficiently off-topic
now and FAQ-based that this thread can now be allowed to die.  


But I had to correct this:

rcaceres@aasa.com.pe (Rafael Caceres) wrote:
>Also, crypt is not DES, it's an implementation of the enigma machine.

It certainly is based on DES, and there's no way it's the enigma machine -
crypt() is a one-way hash function (it can't be decoded), whereas enigma can be
decoded.  The axis and allies used to decode enigma messages all the time. =)

Look at the crypt(3) Unix manpage, it will tell you what's going on.

Re: [ot] How to crypt the way htpasswd does...

[Rafael Caceres <rc...@aasa.com.pe>]

I think we're missing something here. 
Things like:

sub do_validatepwd() {
        #See if the entered Pwd1 matches what the system has..
        my ($encryptedpwd,$Pwd1)=@_;
        my (@usrpwd);
        if ($encryptedpwd eq substr(crypt($Pwd1,substr($Pwd1,0,2)),2)) {
		1;
        } else {
          0;
        }
}

work just fine in my Linux box, but they don't work in our office Digital
4100, and I haven't figured out yet how it crypts the passwords, but it's
not using the crypt routines. If anyone has figured out exactly how it
encrypts, please let me know.

Also, crypt is not DES, it's an implementation of the enigma machine.

Regards,
Rafael Caceres
Information Systems Manager
Corporacion Aceros Arequipa S.A.



>Not long ago, Randal L. Schwartz proclaimed...
>> >>>>> "Doran" == Doran L Barton <fo...@iodynamics.com> writes:
>> 
>> Doran> I've written a Perl module to manage htpasswd-style password
>> Doran> and group files called HTPasswd.pm. I haven't prepared it for
>> Doran> inclusion in CPAN, but you're free to download it and play with
>> Doran> it:
>> 
>> Doran>   < ftp://ftp.iodynamics.com/pub/htpasswd/HTPasswd.pm > 
>> 
>> And it differs from the HTTPD-Tools or HTTPD-UserManage or the
>> Apache-Htpasswd distributions already in the CPAN exactly *how*?
>> 
>> I don't think we need a *fourth* way of doing this. :)
>
>Hey, this is great! I wrote my HTPasswd.pm module because I was unaware of
>anything else available, via CPAN or otherwise. I first wrote it about
>three years ago- so maybe these other tools were not there then.
>
>I'm sure these modules available via CPAN are much better than my code
>simply because they've been maintained. :-)
>
>Thanks Randall. I'll check them out.
>
>-- 
>Doran L. Barton <fo...@iodynamics.com>
>Iodynamics LLC -- "Internetworking the masses"
><URL:http://www.iodynamics.com/>
> 

Re: [ot] How to crypt the way htpasswd does...

[Doug MacEachern <do...@pobox.com>]

On Tue, 29 Feb 2000, Doran L. Barton wrote:
 
> Hey, this is great! I wrote my HTPasswd.pm module because I was unaware of
> anything else available, via CPAN or otherwise. I first wrote it about
> three years ago- so maybe these other tools were not there then.

hope, HTTPD-Tools had you beat by 2 years :)

Re: [ot] How to crypt the way htpasswd does...

["Doran L. Barton" <fo...@iodynamics.com>]

Not long ago, Randal L. Schwartz proclaimed...
> >>>>> "Doran" == Doran L Barton <fo...@iodynamics.com> writes:
> 
> Doran> I've written a Perl module to manage htpasswd-style password
> Doran> and group files called HTPasswd.pm. I haven't prepared it for
> Doran> inclusion in CPAN, but you're free to download it and play with
> Doran> it:
> 
> Doran>   < ftp://ftp.iodynamics.com/pub/htpasswd/HTPasswd.pm > 
> 
> And it differs from the HTTPD-Tools or HTTPD-UserManage or the
> Apache-Htpasswd distributions already in the CPAN exactly *how*?
> 
> I don't think we need a *fourth* way of doing this. :)

Hey, this is great! I wrote my HTPasswd.pm module because I was unaware of
anything else available, via CPAN or otherwise. I first wrote it about
three years ago- so maybe these other tools were not there then.

I'm sure these modules available via CPAN are much better than my code
simply because they've been maintained. :-)

Thanks Randall. I'll check them out.

-- 
Doran L. Barton <fo...@iodynamics.com>
Iodynamics LLC -- "Internetworking the masses"
<URL:http://www.iodynamics.com/>

Re: [ot] How to crypt the way htpasswd does...

[Doug MacEachern <do...@pobox.com>]

On 29 Feb 2000, Randal L. Schwartz wrote:

> >>>>> "Doran" == Doran L Barton <fo...@iodynamics.com> writes:
> 
> Doran> I've written a Perl module to manage htpasswd-style password
> Doran> and group files called HTPasswd.pm. I haven't prepared it for
> Doran> inclusion in CPAN, but you're free to download it and play with
> Doran> it:
> 
> Doran>   < ftp://ftp.iodynamics.com/pub/htpasswd/HTPasswd.pm > 
> 
> And it differs from the HTTPD-Tools or HTTPD-UserManage or the
> Apache-Htpasswd distributions already in the CPAN exactly *how*?
> 
> I don't think we need a *fourth* way of doing this. :)

actually, Lincoln took over HTTPD-Tools and folded it into
HTTPD-UserManage.   HTTPD-Tools has been removed from CPAN

Re: [ot] How to crypt the way htpasswd does...

["Randal L. Schwartz" <me...@stonehenge.com>]

>>>>> "Doran" == Doran L Barton <fo...@iodynamics.com> writes:

Doran> I've written a Perl module to manage htpasswd-style password
Doran> and group files called HTPasswd.pm. I haven't prepared it for
Doran> inclusion in CPAN, but you're free to download it and play with
Doran> it:

Doran>   < ftp://ftp.iodynamics.com/pub/htpasswd/HTPasswd.pm > 

And it differs from the HTTPD-Tools or HTTPD-UserManage or the
Apache-Htpasswd distributions already in the CPAN exactly *how*?

I don't think we need a *fourth* way of doing this. :)

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<me...@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: [ot] How to crypt the way htpasswd does...

["Doran L. Barton" <fo...@iodynamics.com>]

Not long ago, Roger Grayson proclaimed...
> >From the camel book under crypt:
>    if (crypt($your_guess, $encrypted_password) eq $encrypted_password) {
>       # your guess is correct
> You can split off the first 2 chars of the users encrypted password but 
> it is not necessary or , according to the camel, even worthwhile. 

I've written a Perl module to manage htpasswd-style password and group
files called HTPasswd.pm. I haven't prepared it for inclusion in CPAN, but
you're free to download it and play with it:

  < ftp://ftp.iodynamics.com/pub/htpasswd/HTPasswd.pm > 

-- 
Doran L. Barton <fo...@iodynamics.com>
Iodynamics LLC -- "Internetworking the masses"
<URL:http://www.iodynamics.com/>

Re: [ot] How to crypt the way htpasswd does...

[Roger Grayson <Ro...@email.mot.com>]

Re: [ot] How to crypt the way htpasswd does...

[Autarch <au...@urth.org>]

On 29 Feb 2000, Alan E. Derhaag wrote:

> I've found that the salt is usually the first two characters in the
> resultant password.  Use the first two characters as the salt for your
> new password generation and I believe you'll find it matches.

Well, the first time through (when you crypt against a raw pw) you create
a random 2-char salt.  The resulted crypted string will start with this
same salt.  Later, you crypt the pw the user gives with the first 2 chars
of the crypted pw to get this salt.  I'm pretty sure there's an example of
this somewhere in the Eagle book.

-dave

/*==================
www.urth.org
We await the New Sun
==================*/

Re: [ot] How to crypt the way htpasswd does...

["Alan E. Derhaag" <ad...@n2h2.com>]

"Martin A. Langhoff" <ma...@scim.net> writes:

> hi,
> 
>     I need to add/change users in .htpasswd files from an embperl script
> (as if that could save my OT'ness). Now for the life of me I can't
> reproduce the crypting mechanism in htpasswd.
> 
>     I've tried all the combinations of salts and thing I could imagine,
> but I lack a solid *nix background, so maybe I'm making a fool of myself
> with this simple question.
> 
>     Funny thing is, both Perl and htpasswd man pages claim they are
> crypting in the customary unix way. But I just can't make'em match!
> 

I've found that the salt is usually the first two characters in the
resultant password.  Use the first two characters as the salt for your
new password generation and I believe you'll find it matches.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Alan E. Derhaag    Consultant from Interactive Business Systems
phone: 206-336-2972                          Consultant to N2H2
email: aderhaa@n2h2.com                   aderhaag@wolfenet.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-