Professional Web Applications Themes

Crypt SALT value - PERL Modules

I'm trying to translate a function from a perl script to C++. The perl script is: $passwdcrypt = crypt($data_access[$access][1], SALT); This passwd is used in an apache htpasswd file. SALT is not defined in C++. Is SALT a constant or a function? If it is a constant: what is that constant. If it is a function, what is the function? Gerrit Hulleman...

  1. #1

    Default Crypt SALT value

    I'm trying to translate a function from a perl script to C++. The perl
    script is:
    $passwdcrypt = crypt($data_access[$access][1], SALT);

    This passwd is used in an apache htpasswd file. SALT is not defined in C++.
    Is SALT a constant or a function? If it is a constant: what is that
    constant. If it is a function, what is the function?

    Gerrit Hulleman


    Gerrit Hulleman Guest

  2. #2

    Default Re: Crypt SALT value

    Gerrit Hulleman wrote:
    > I'm trying to translate a function from a perl script to C++. The perl
    > script is:
    > $passwdcrypt = crypt($data_access[$access][1], SALT);
    >
    > This passwd is used in an apache htpasswd file. SALT is not defined in C++.
    > Is SALT a constant or a function? If it is a constant: what is that
    > constant. If it is a function, what is the function?
    >
    > Gerrit Hulleman
    >
    >
    The SALT is simply any 2 character string chosen from the set
    [./0-9A-Za-z]. See 'perldoc -f crypt'.

    IIRC, it is straightforward to take 'fcrypt.c' from the perl source and
    create from it a C static library file that exports that 'crypt'
    function (which I think is named 'des_fcrypt' in 'fcrypt.c'). I would
    think it would be just as easy with C++ as it was with C.

    Cheers,
    Rob

    --
    To reply by email u have to take out the u in kalinaubears.

    Sisyphus Guest

  3. #3

    Default Re: Crypt SALT value


    "Sisyphus" <kalinaubearsiinet.net.au> wrote in message
    news:40b1bd84$0$16587$5a62ac22freenews.iinet.net. au...
    > Gerrit Hulleman wrote:
    > > I'm trying to translate a function from a perl script to C++. The perl
    > > script is:
    > > $passwdcrypt = crypt($data_access[$access][1], SALT);
    > >
    > > This passwd is used in an apache htpasswd file. SALT is not defined in
    C++.
    > > Is SALT a constant or a function? If it is a constant: what is that
    > > constant. If it is a function, what is the function?
    > >
    > > Gerrit Hulleman
    > >
    > >
    >
    > The SALT is simply any 2 character string chosen from the set
    > [./0-9A-Za-z]. See 'perldoc -f crypt'.
    >
    > IIRC, it is straightforward to take 'fcrypt.c' from the perl source and
    > create from it a C static library file that exports that 'crypt'
    > function (which I think is named 'des_fcrypt' in 'fcrypt.c'). I would
    > think it would be just as easy with C++ as it was with C.
    >
    > Cheers,
    > Rob
    >
    > --
    > To reply by email u have to take out the u in kalinaubears.
    >
    I have tried the manual and the source/package source. The only thing I
    could find was in the Crypt::Salt package:
    sub salt
    {
    my $length = 2;
    $length = $_[0] if exists $_[0];

    return join "", ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[map {rand 64}
    (1..$length)];
    }

    But if this is true, the SALT value is random at each encrypt. Will apache
    still be able to use these generated values? I am no expert on encryption
    algorithms, but the salt is like the key, without the key it should be
    useless.


    Gerrit Hulleman Guest

  4. #4

    Default Re: Crypt SALT value

    Hi,
    > But if this is true, the SALT value is random at each encrypt. Will apache
    > still be able to use these generated values? I am no expert on encryption
    > algorithms, but the salt is like the key, without the key it should be
    > useless.
    The SALT in included in the resulting cryted string, so in your case
    apache extracts "your" salt, encodes the entered password with this salt
    (yours) and compares the two strings. if they are identicals, the
    entered password was the same, that's the assumption.

    cu
    Andreas

    Andreas Boehm Guest

  5. #5

    Default Re: Crypt SALT value

    Gerrit Hulleman wrote:
    > But if this is true, the SALT value is random at each encrypt. Will apache
    > still be able to use these generated values? I am no expert on encryption
    > algorithms, but the salt is like the key, without the key it should be
    > useless.
    You should have tried it yourself.

    perl -le 'print crypt("password",$_) for qw(aa bc 9/ .q)'
    aajfMKNH1hTm2
    bcKeJseCHD6T2
    9/jR6Pjlc5.qY
    ..qgQfvjMZWEek

    Note how the key is included as the first two characters of the result.
    -Joe
    Joe Smith Guest

Similar Threads

  1. Crypt::DH Crypt::Random install problem
    By carl d. in forum PERL Modules
    Replies: 1
    Last Post: November 10th, 01:35 AM
  2. crypt function in PHP different from Perl's crypt?
    By Lars Plessmann in forum PHP Development
    Replies: 10
    Last Post: May 26th, 11:17 PM
  3. Where to store your salt
    By Edgar Sánchez in forum ASP.NET Security
    Replies: 2
    Last Post: January 26th, 07:00 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139