Date: Tue, 10 Jul 2001 09:05:32 -0600 From: "Jan L. Peterson" <jlp@runbox.com> To: Walter Campbell <wcampbel@botbay.net> Cc: Mike Tancsa <mike@sentex.net>, Jim Weeks <jim@siteplus.net>, stable@FreeBSD.ORG Subject: Re: Generating encrypted passwords Message-ID: <20010710150532.67ED041E6E@aurora.corp.flipdog.com> In-Reply-To: Your message of "Tue, 10 Jul 2001 10:24:55 EDT." <Pine.BSF.4.32.0107101023360.542-100000@botbay.net> References: <Pine.BSF.4.32.0107101023360.542-100000@botbay.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
wcampbel@botbay.net said:
> A DES (and MD5) salt (and the rest of the hash) can contain a-z A-Z
> 0-9 . and /
Exactly... since we seem to be sharing, here's my script.
No comments, please, about how it's not a very good password. It's good
enough for my purposes (generating an initial password for a user
account or htaccess file, typically). I know that crack would eat these
passwords for breakfast.
I use a different algorithm for generating passwords that are
"important"... the FIPS 181 standard.
-jan-
--
Jan L. Peterson
<jlp@runbox.com>
[-- Attachment #2 --]
#! /usr/local/bin/perl
#
# mkpw: generate a random password *or* display the crypted password
# for a given plain text password (and optionally, salt)
#
# - Jan L. Peterson <jlp@runbox.com>
@saltchars = ('.', '/', '0'..'9', 'A'..'Z', 'a'..'z');
$clear = shift;
$salt = shift;
$salt = &makesalt unless defined($salt);
$clear = &makepw unless defined($clear);
$pass = crypt($clear, $salt);
print "$clear -> $pass\n";
sub makesalt {
return($saltchars[int(rand(scalar(@saltchars)))] .
$saltchars[int(rand(scalar(@saltchars)))]);
}
sub makepw {
open(WORDS, '/usr/share/dict/words');
while (<WORDS>) {
chop;
$len = length($_);
push(@three, $_) if $len == 3;
push(@four, $_) if $len == 4;
}
close(WORDS);
@sep = ('0'..'9', split(m//, '+,/=?^%*'));
if (rand(2) >= 1) {
$word = $three[int(rand(scalar(@three)))] .
$sep[int(rand(scalar(@sep)))] .
$four[int(rand(scalar(@four)))];
} else {
$word = $four[int(rand(scalar(@four)))] .
$sep[int(rand(scalar(@sep)))] .
$three[int(rand(scalar(@three)))];
}
return($word);
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010710150532.67ED041E6E>