[dev] passwd - crypt-md5

Max Kalika max at lsit.ucsb.edu
Wed Apr 23 15:51:21 PDT 2003


Quoting "Ian P. Christian" <pookey at pookey.co.uk>:

> Rather oddly, I've just noticed that IMP for some unknonw reason cut my
> origional mail very short.. I've had this happen before, I don't know
> what does it.  Here is my origional mail as it should have been.
> 
> Been playing with passwd, trying to get it to update a password in
> nss_mysql

I think it just did it again....

On a side note.  I just reread:

  <http://www.php.net/manual/en/function.crypt.php>

I have to change my mind now.  We shouldn't try to figure out the salt at
all.  We should just pass the whole crypted password as the second
parameter to crypt().  PHP itself will figure out what the encryption
mechanism will be based on the length and format of the crypted password.
This way we wouldn't need to add any new "crypt-md5" ecryption.  Just have
to remove the substr() call from the CRYPT case and use the $encrypted in
place of salt.  I'll work up a patch really quick-like.  In any case, the
"{crypt}" prefix should be moved out (to a config item -- as seems to be
the consensus still).

Besides all this, we need to make sure that the SQL Auth driver behaves the
same way so that we can still log in after all this password changing
business is laid to rest.

---max kalika
--max at lsit.ucsb.edu
-lsit systems administrator


More information about the dev mailing list