Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration
Reload this Page How to activate MD5 passwords?
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
Page 2 of 2 1 2
 
Thread Tools Display Modes
  #11  
Old 9th March 2006, 19:40
bjmg bjmg is offline
Junior Member
  
Join Date: Mar 2006
Location: Püttlingen, Saarland, Germany
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to bjmg
Default
Code:
$passwort = "||||:". crypt(stripslashes($user["user_passwort"]), "$1$".md5(time()) );
}
This is NOT more secure than a true md5 with a correct salt.
By the way: a crypt salt only consists of two (2) chars. Don't forget that.
Like this one (not tested - sorry):
Code:
$passwort = "||||:". md5("$1$md5(time())."$".stripslashes($user["user_passwort"]));
A correct salt for md5 has a length of 12 chars and 8 of those 12 chars should be random. A salt always starts with $1$ and ends with $.
So this is a correct salt "$1$xxxxxxxx$".
I'll provide a patch that uses correct salts. Just look into it or even better look into some description of md5 in passwd/shadow files.

Bernhard
Reply With Quote
Sponsored Links
  #12  
Old 10th March 2006, 08:17
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,896
Thanks: 693
Thanked 4,191 Times in 3,208 Posts
Default
Quote:
I'll provide a patch that uses correct salts.
Thanks.

Quote:
Just look into it or even better look into some description of md5 in passwd/shadow files.
I've not written that code. I will have a look into it.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #13  
Old 10th March 2006, 08:21
bjmg bjmg is offline
Junior Member
  
Join Date: Mar 2006
Location: Püttlingen, Saarland, Germany
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to bjmg
 
Default
Above I wrote md5(). I actually meant to use the md5 version of crypt. I also verified that your md5 encryption works but in general random data is better for encryptions than time data. It seems that PHP5 does not care about the missing $ at the end of the salt. And it does not care about the too long salt. But I think you really should use a right length/right formed salt.

Bernhard
Reply With Quote
Reply
Page 2 of 2 1 2

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba as a PDC HOWTO - Change clients passwords linuxmad HOWTO-Related Questions 6 10th May 2006 16:25
DB access passwords not configurable viewport Installation/Configuration 2 6th March 2006 07:37
Php is compiled without XML gmesscouk Installation/Configuration 8 9th January 2006 20:53
Activate ssl misterm Installation/Configuration 1 14th December 2005 18:42
Activate subversion Thang General 1 26th November 2005 09:42


All times are GMT +2. The time now is 16:22.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.