Comments on: Password problems with crypt() and htpasswd files http://paul-m-jones.com/archives/134?utm_source=rss&utm_medium=rss&utm_campaign=password-problems-with-crypt-and-htpasswd-files It's not enough to be smart; you have to actually know things. Wed, 16 May 2012 17:27:27 +0000 hourly 1 http://wordpress.org/?v=3.1 By: Sami http://paul-m-jones.com/archives/134/comment-page-1#comment-419969 Sami Fri, 18 Mar 2011 08:55:30 +0000 http://paul-m-jones.com/blog/?p=134#comment-419969 I found that out too, with the latest stable Debian release. I wonder how this kind of problem is still here, after 6 years from the original post of this thread. I found that out too, with the latest stable Debian release. I wonder how this kind of problem is still here, after 6 years from the original post of this thread.

]]> By: Paul M. Jones » Blog Archive » Htpasswd and crypt() in Solar — fixed! http://paul-m-jones.com/archives/134/comment-page-1#comment-160852 Paul M. Jones » Blog Archive » Htpasswd and crypt() in Solar — fixed! Thu, 12 Jul 2007 01:55:14 +0000 http://paul-m-jones.com/blog/?p=134#comment-160852 [...] Paul M. Jones If it’s worth doing, it’s worth over-doing. « Password problems with crypt() and htpasswd files Solar 0.1.0 Released » [...] [...] Paul M. Jones If it’s worth doing, it’s worth over-doing. « Password problems with crypt() and htpasswd files Solar 0.1.0 Released » [...]

]]> By: Liam http://paul-m-jones.com/archives/134/comment-page-1#comment-7329 Liam Thu, 28 Apr 2005 00:24:15 +0000 http://paul-m-jones.com/blog/?p=134#comment-7329 This is from the GNU crypt man pages. GNU EXTENSION The glibc2 version of this function has the following additional fea- tures. If salt is a character string starting with the three charac- ters "$1$" followed by at most eight characters, and optionally termi- nated by "$", then instead of using the DES machine, the glibc crypt function uses an MD5-based algorithm, and outputs up to 34 bytes, namely "$1$$", where "" stands for the up to 8 charac- ters following "$1$" in the salt, followed by 22 bytes chosen from the set [a-zA-Z0-9./]. The entire key is significant here (instead of only the first 8 bytes). Programs using this function must be linked with -lcrypt This is from the GNU crypt man pages.

GNU EXTENSION
The glibc2 version of this function has the following additional fea-
tures. If salt is a character string starting with the three charac-
ters “$1$” followed by at most eight characters, and optionally termi-
nated by “$”, then instead of using the DES machine, the glibc crypt
function uses an MD5-based algorithm, and outputs up to 34 bytes,
namely “$1$$”, where “” stands for the up to 8 charac-
ters following “$1$” in the salt, followed by 22 bytes chosen from the
set [a-zA-Z0-9./]. The entire key is significant here (instead of only
the first 8 bytes).

Programs using this function must be linked with -lcrypt

]]> By: Keith http://paul-m-jones.com/archives/134/comment-page-1#comment-6409 Keith Thu, 14 Apr 2005 12:41:13 +0000 http://paul-m-jones.com/blog/?p=134#comment-6409 You can use crypt(), MD5 or SHA for password. All within the same password file too. Why not just force users who have older crypt password to change their password and then save it using MD5. You can use crypt(), MD5 or SHA for password. All within the same password file too. Why not just force users who have older crypt password to change their password and then save it using MD5.

]]> By: pmjones http://paul-m-jones.com/archives/134/comment-page-1#comment-6406 pmjones Thu, 14 Apr 2005 11:39:57 +0000 http://paul-m-jones.com/blog/?p=134#comment-6406 Hi, Oscar -- You understood; that does appear to be the case. Apparently it's a "known limitation" of crypt(). However, I'm doing a little more research and there may be another workaround (e.g., having htpasswd use SHA encryption, but that's not the default). Hi, Oscar — You understood; that does appear to be the case. Apparently it’s a “known limitation” of crypt(). However, I’m doing a little more research and there may be another workaround (e.g., having htpasswd use SHA encryption, but that’s not the default).

]]> By: oscar merida http://paul-m-jones.com/archives/134/comment-page-1#comment-6390 oscar merida Thu, 14 Apr 2005 04:27:07 +0000 http://paul-m-jones.com/blog/?p=134#comment-6390 Clarification: are you saying that when crypted with the same salt "password" and "password2" produce the same string (or at least strings with matching first eight characters)? Or did I misunderstand? Clarification: are you saying that when crypted with the same salt “password” and “password2″ produce the same string (or at least strings with matching first eight characters)?

Or did I misunderstand?

]]>