Posted by E. Recio on 09/12/06 02:32

Long story short. I want to use Mac OS/X and PHP. I have a db with
passwords stored under Linux using the crypt("foo", "$1$".$salt."$);
scheme. This means that crypt should execute a CRYPT_MD5 password hash.
I know that Mac OS/X only supports the two DES'. So is there a way I can
use mcrypt, or mhash or ANY library to reproduce php's CRYPT_MD5 crypt()
call?

I don't really have a choice to use another password hash scheme, as the
data is being given to me. I have tried almost everything to produce the
same output to no avail:

Under Linux, php has a crypt() function which takes the md5 format (and
blowfish). This will produce a hash of:

<<CRYPT MAGIC>> << 8 CHAR USER SALT>> $ <<HASHED PW>>

$1$ FpsaEXUM $ rXsH1UzUs6w3vfik/wHGr.

PHP supports DES under Mac OS/X (no blowfish, or MD5 crypt). Sites I've
been to, have informed the developer to use a different algorithm and
that it would solve their problem. I, alas, cannot use a different
system. The passwords are stored in someone else's DB and I am forced to
use the Linux PHP/Crypt/MD5 version.

I have tried the md5(), mcrypt (as much as i can understand it, I am not
an encryption expert), mhash (MHASH_MD5) functions to no avail.

To explain what I am doing...

With PHP's crypt() on Linux:

1) look up the password for the user logging in (in a DB or file)
2) grab the salt for that password (it's created at random when the
password is created): chars between '$1$' and '$' (8 characters)
3) take the user supplied password, run it through PHP's crypt with the
same salt: crypt("foobar","$1$"."FpsaEXUM"."$")
3a) Result: $1$FpsaEXUM$rXsH1UzUs6w3vfik/wHGr.

With mhash:
base64_encode(mhash(MHASH_MD5, $mypassword, "$1$".$salt."$"));
Result: 6ZspEb5d0AMqo/RkSod8dw==

With mhash:
base64_encode(mhash_keygen_s2k(MHASH_MD5, $mypassword, "$1$".$salt."$",
16));
Result: blAOWSV9/hmRk/Z06IFQKA==

I've tried permutations of those without the "$1$"..."$" and still
nothing. Even if the hash matched, and I would just add the "$1$"..."$"
that would work. I've tried md5(), no luck.

Needless to say, the crypt() functions on the mac don't work. I
obviously recompiled php to support mcrypt and mhash (and gd, unrelated
issue), hoping that would solve the issue... no dice.

any help, i am desparate here... heck even an explanation as to why it's
not possible even with external libraries, would be good.

-E

• Next in forum: Re: decimal formatting
• Prev in forum: Re: decimal formatting
• Thread view: CRYPT_MD5 on Mac OS/X via mhash/mcrypt/md5/etc etc?

[Reply to this message]