Gossamer Forum: Products: Others: Gossamer Community: use Digest::MD5 qw(md5

May 27, 2003, 9:35 PM

dearnet

Enthusiast (907 posts)

May 27, 2003, 9:35 PM

Post #1 of 7

Shortcut

use Digest::MD5 qw(md5_hex);

Hello Alex!

I can understand $GT$, but why omit

1-

$enc_pass = md5_hex($clear_pass);

2-

elsif (length($encrypted) == 32)

return $encrypted eq md5_hex($clear_pass);

This opens a new arena Smile

May 29, 2003, 11:20 AM

Alex

Administrator (9387 posts)

May 29, 2003, 11:20 AM

Post #2 of 7

Shortcut

Re: [dearnet] use Digest::MD5 qw(md5_hex); In reply to

Hi,

I'm not sure I understand what you mean?

Cheers,

Alex
--
Gossamer Threads Inc.

May 29, 2003, 2:01 PM

dearnet

Enthusiast (907 posts)

May 29, 2003, 2:01 PM

Post #3 of 7

Shortcut

Re: [Alex] use Digest::MD5 qw(md5_hex); In reply to

Hi Alex!

I saw the length was 34. While working with md5_hex without $GT$ it gives 32!

This means that many people who have already a database in which the lengths would be based on md5_hex resulting into 32 bits of length will be devoid of the current use of the available database and therefore may have to ask their users to re-sign.

I wanted to produce 32 bits so that I could use it with other CMS, postnuke. Hence the change.

BTW, for it comm_ = pn_ Tongue

May 29, 2003, 2:07 PM

Alex

Administrator (9387 posts)

May 29, 2003, 2:07 PM

Post #4 of 7

Shortcut

Re: [dearnet] use Digest::MD5 qw(md5_hex); In reply to

Ah, it now looks like:

Code:
sub comm_compare_pass { 
# ------------------------------------------------------------------- 
    my ($clear_pass, $encrypted) = @_; 
    if (length($encrypted) == 13) { # crypt 
        return $encrypted eq crypt($clear_pass, $encrypted); 
    } 
    elsif (length($encrypted) == 34) { # Unix style md5 crypt (Magic: 1) 
        require GT::MD5::Crypt; 
        return $encrypted eq GT::MD5::Crypt::unix_md5_crypt($clear_pass, $encrypted); 
    } 
    elsif (length($encrypted) == 35) { # GT md5 crypt (Magic: GT) 
        require GT::MD5::Crypt; 
        return $encrypted eq GT::MD5::Crypt::gt_md5_crypt($clear_pass, $encrypted); 
    } 
    elsif (length($encrypted) == 37) { # Apache md5 crypt (Magic: apr1) 
        require GT::MD5::Crypt; 
        return $encrypted eq GT::MD5::Crypt::apache_md5_crypt($clear_pass, $encrypted); 
    } 
    else { 
        return undef; 
    } 
}

Cheers,

Alex
--
Gossamer Threads Inc.

May 29, 2003, 2:13 PM

dearnet

Enthusiast (907 posts)

May 29, 2003, 2:13 PM

Post #5 of 7

Shortcut

Re: [Alex] use Digest::MD5 qw(md5_hex); In reply to

Hi!

use strict;

use Digest::MD5 qw(md5_hex);

--------

sub comm_encrypt {
# -------------------------------------------------------------------
my ($clear_pass, $salt) = @_;
defined $salt or ($salt = '');
my $enc_pass;

$enc_pass = md5_hex($clear_pass);

return $enc_pass;

}

sub comm_compare_pass {
# -------------------------------------------------------------------
my ($clear_pass, $encrypted) = @_;
if (length($encrypted) == 13) { # crypt
return $encrypted eq crypt($clear_pass, $encrypted);

} elsif (length($encrypted) == 32) { # Unix style md5 crypt (Magic: 1)

return $encrypted eq md5_hex($clear_pass);

} elsif (length($encrypted) == 34) { # Unix style md5 crypt (Magic: 1)
require GT::MD5::Crypt;
return $encrypted eq GT::MD5::Crypt::unix_md5_crypt($clear_pass, $encrypted);
}
elsif (length($encrypted) == 35) { # GT md5 crypt (Magic: GT)
require GT::MD5::Crypt;
return $encrypted eq GT::MD5::Crypt::gt_md5_crypt($clear_pass, $encrypted);
}
elsif (length($encrypted) == 37) { # Apache md5 crypt (Magic: apr1)
require GT::MD5::Crypt;
return $encrypted eq GT::MD5::Crypt::apache_md5_crypt($clear_pass, $encrypted);
}
else {
return undef;
}
}[/code]I find the best is to give an option to the Admin, what method to choose, i.e. from the Community.conf.

This would help in covering thousands of Admins currently having a database and NOT a single Product from GT.

Last edited by:

dearnet: May 29, 2003, 2:19 PM

May 29, 2003, 2:21 PM

dearnet

Enthusiast (907 posts)

May 29, 2003, 2:21 PM

Post #6 of 7

Shortcut

Re: [Alex] use Digest::MD5 qw(md5_hex); In reply to

Hello Alex!

Messed up with the code in the above post.

Do note that the hex that comes out is a 32 bit AND NOT 34 bit like the way how you got the new GT Magic in there.

Thats important to have it general. Most CMS uses that.

May 29, 2003, 2:42 PM

dearnet

Enthusiast (907 posts)

May 29, 2003, 2:42 PM

Post #7 of 7

Shortcut

Re: [Alex] use Digest::MD5 qw(md5_hex); In reply to

Hello Alex!

The above works fine for me, but to continue the argument, it would mean the following:

Code:
 sub comm_encrypt { 
# ------------------------------------------------------------------- 
    my ($clear_pass, $salt) = @_; 
    defined $salt or ($salt = ''); 
    my $enc_pass; ########################### 
my $encrypt_method; if ($encrypt_method == ' md5_hex ') {  
$enc_pass = md5_hex($clear_pass);  
}  
elseif { #####################    if ($CFG->{system_store_md5_pass}) { 
        require GT::MD5::Crypt; 
        $salt ||= join '', ('a' .. 'z', 'A' .. 'Z', 0 .. 9, '.', '/')[map rand 64, 1 .. 8];        $enc_pass = GT::MD5::Crypt::unix_md5_crypt($clear_pass, $salt); 
    } 
    else { 
        $salt ||= join '', ('a' .. 'z', 'A' .. 'Z', 0 .. 9, '.', '/')[rand 64, rand 64]; 
        $enc_pass = crypt($clear_pass, $salt); 
    } 
    return $enc_pass; 
}

And the $encrypt_method == ' md5_hex ' will be defined from Community.conf!

Last edited by:

dearnet: May 29, 2003, 2:48 PM