Date: Tue, 21 Sep 1999 12:57:31 -0600
From: Damien Tougas <dtougas@converging.net>
To: Brian McGovern <bmcgover@cisco.com>
Cc: FreeBSD-Questions@freebsd.org
Subject: Re: How does this password encryption stuff work?
Message-ID: <19990921125731.A16648@converging.net>
In-Reply-To: <199909211715.NAA22395@bmcgover-pc.cisco.com>
References: <199909211715.NAA22395@bmcgover-pc.cisco.com>

Hello,

I want to thank you very much for your reply. It was very clear, easy to
understand, and is exactly what I was looking for. I appreciate someone
taking the time to stoop to the level of someone with very little C
programming experience.

Thank You, Thank You, Thank You!!!

--
Damien Tougas
Converging Technology Solutions, Inc.
Phone: (780)469-1679 Fax: (780)461-5127
E-mail: dtougas@converging.net
http://www.converging.net

On Tue, Sep 21, 1999 at 01:15:18PM -0400, Brian McGovern wrote:
> Take a look at crypt(3) (man 3 crypt)...
>
> Paraphrasing the crypt man page:
>
> The first argument to crypt is a NUL-terminated string, ie - the password. The
> second is a character array, 9 bytes long, consisting of an underscore, 4
> bytes of iteration, and 4 bytes of salt. They comment that they're encoded 6
> bits per character, and that 0-63 use certain ASCII characters....
>
> Now, you want to do something to randomize the salt. This way, if the user
> keeps selecting the same password, the encrypted form will continue to appear
> to have changed (thus deterring hackers).
>
> Therefore, the "simplest" (although by no means the best), might be via a
> program similar to:
>
> #include <stdio.h>
> #include <unistd.h>
>
> int main(int argc, char *argv[])
> {
>     printf("%s\n", crypt(argv[1], argv[2]));
>     return 0;
> }
>
> Then, assuming you call it "foo.c", compile with:
>
> cc -o foo foo.c -lcrypt.
>
> You can then run "foo", and specify a password and salt (and the salt must
> be an underscore, then 8 bytes of salt and iteration), so something like
> this:
>
> ./foo MyPassword _iterSALT
>
> You will then get an encrypted password out.
>
> To make the above program more robust, here are some ideas:
>
> 1.) Add documentation, and comments.
>
> 2.) Add error checking. Make sure the right number of parameters are passed,
> perhaps that the second parameter really starts with an _, etc.
>
> 3.) Take the second parameter away from the command line, and randomize it,
> perhaps with gettimeofday(), or similar function that will change frequently.
>
> Enjoy.
> -Brian