[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: RE : how to generate passwords?



Sorry to keep a topic going that's not directly related to OpenLDAP,
but this may come in handy for several OpenLDAP users...

I can't post the CGI because it's _very_ specific to my setup, but here's
a good example of various password formats in Perl.  I think I've only
even tried crypt1 and ssha with my OpenLDAP/nss_ldap/pam_ldap setup and
they work fine.  If you use Slackware like me, make sure you install a
PAMified /bin/login or you won't be able to (for example) use telnet as
a user in LDAP.

Watch out for word wrap if you cut and paste anything and if you
improve/add anything, let me know.  BTW, I use perl 5.6.1, haven't tried
any of this with anything else.


#!/usr/bin/perl -w

# crypt1, crypt2, md5, smd5, sha, ssha
my $password_format = "ssha";

use strict;

my ($password,$encpass);

die "\nUsage: $0 password\n\n" if ! $ARGV[0];
$password = $ARGV[0];
$encpass = &encrypt_password($password);
if ($encpass) { print "Encrypted password: $encpass\n"; }
else { print "Error! blank encpass return!?\n"; }

sub encrypt_password {
        my $pass=$_[0];
        my ($cryptdpass);
        $password_format = 'crypt1' if ! $password_format;
	$password_format = lc($password_format);
        if ($password_format eq 'crypt1') { $cryptdpass = &password_crypt1($pass); }
        elsif ($password_format eq 'crypt2') { $cryptdpass = &password_crypt2($pass); }
        elsif ($password_format eq 'md5') { $cryptdpass = &password_md5($pass); }
        elsif ($password_format eq 'smd5') { $cryptdpass = &password_smd5($pass); }
        elsif ($password_format eq 'sha') { $cryptdpass = &password_sha($pass); }
        elsif ($password_format eq 'ssha') { $cryptdpass = &password_ssha($pass); }
        return($cryptdpass);
}

sub password_crypt1 {
        my $pass=$_[0];
        my ($cryptdpass,$salt);
        $salt = &get_salt;
        $cryptdpass = '{CRYPT}' . crypt($pass,$salt);
        return($cryptdpass);
}

sub password_crypt2 {
        my $pass=$_[0];
        use Crypt::PasswdMD5;
        my ($cryptdpass,$salt);
        $salt = &get_salt;
        $cryptdpass = '{MD5}' . unix_md5_crypt($pass,$salt);
        return($cryptdpass);
}

sub password_md5 {
        my $pass=$_[0];
        use Digest::MD5;
        use MIME::Base64;
        my ($hashedPasswd);
        my $ctx = Digest::MD5->new;
        $ctx->add($pass);
        $hashedPasswd = '{MD5}' . encode_base64($ctx->digest,'');
        return($hashedPasswd);
}

sub password_smd5 {
        my $pass=$_[0];
        use Digest::MD5;
        use MIME::Base64;
        my ($hashedPasswd,$salt);
        $salt = &get_salt;
        my $ctx = Digest::MD5->new;
        $ctx->add($pass);
        $ctx->add($salt);
        $hashedPasswd = '{SMD5}' . encode_base64($ctx->digest . $salt,'');
        return($hashedPasswd);
}

sub password_sha {
        my $pass=$_[0];
        use Digest::SHA1;
        use MIME::Base64;
        my ($hashedPasswd);
        my $ctx = Digest::SHA1->new;
        $ctx->add($pass);
        $hashedPasswd = '{SHA}' . encode_base64($ctx->digest,'');
        return($hashedPasswd);
}

sub password_ssha {
        my $pass=$_[0];
        use Digest::SHA1;
        use MIME::Base64;
        my ($hashedPasswd,$salt);
        $salt = &get_salt8;
        my $ctx = Digest::SHA1->new;
        $ctx->add($pass);
        $ctx->add($salt);
        $hashedPasswd = '{SSHA}' . encode_base64($ctx->digest . $salt,'');
        return($hashedPasswd);
}

sub get_salt {
        my $rands = substr(time(),-4);
        my $salt = ('a'..'z')[int(($rands/100)%26)];
        $salt .= ('a'..'z')[int(($rands%100)%26)];
        return($salt);
}

sub get_salt8 {
        my $salt = join '', ('a'..'z')[rand 26,rand 26,rand 26,rand 26,rand 26,rand 26,rand 26,rand 26];
        return($salt);
}




1