|
|
Posted by "Richard Lynch" on 07/08/05 00:23
On Thu, July 7, 2005 2:50 am, Javier said:
> On 05/07/2005 at 14:04 sylikc wrote:
>>
>>For MD5 passwords though, it's a little different and not documented
>>as thoroughly...
>>3) Extract crypt salt from the $crypthash ....
>>$cryptsalt = '$'.substr($crypthash,4,11);
>
> Thanks for your help.
>
> I checked my PHP support CRYPT_MD5, then I did the following:
>
> I've generated a user javier with password javier in my htpasswd file and
> got this:
>
> Automatically using MD5 format.
> javier:$apr1$nO/.....$x0j4FfqCIQqgtqPckVUkO1
>
> Then I did the following code:
>
> ---------------------
> <?php
>
> print "password: ".$password = "javier"."\n";
>
> $crypthash = '$apr1$nO/.....$x0j4FfqCIQqgtqPckVUkO1';
> $cryptsalt = '$'.substr($crypthash,4,11);
>
> print "cryptsalt: ".$cryptsalt."\n";
> print "crypthash: ".$crypthash."\n";
>
> print "crypted by me: ".'$apr'.crypt($password, $cryptsalt)."\n";
>
> ?>
> ----------------------
>
> And the output was:
>
> password: javier
> cryptsalt: $1$nO/.....$
> crypthash: $apr1$nO/.....$x0j4FfqCIQqgtqPckVUkO1
> crypted by me: $apr$1$nO/.....$0cKBXpoO.Q/jpA6sUUafq0
Aha!
Since your output has an extra '$' after the $apr and before the
1$n0/..... I'm gonna go out on a limb and suggest you probably shouldn't
add the '$' to the front of your salt.
You're adding it, and crypt() is adding it, and you've got too much money
in your salt. :-)
Change step 3 to:
$cryptsalt = substr($crypthash,4,11);
Basically, do whatever it takes to get the front half of the crypted
outputs to match up, and I suspect that the random parts at the end will
magically sort themselves out. :-)
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|