CRYPT_MD5 on Mac OS/X via mhash/mcrypt/md5/etc etc?

This is a discussion on CRYPT_MD5 on Mac OS/X via mhash/mcrypt/md5/etc etc? within the PHP Language forums, part of the PHP Programming Forums category; Long story short. I want to use Mac OS/X and PHP. I have a db with passwords stored under ...


Go Back   Usenet Forums > PHP Programming Forums > PHP Language

Reload this Page CRYPT_MD5 on Mac OS/X via mhash/mcrypt/md5/etc etc?

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 09-12-2006
E. Recio
 
Posts: n/a
Default CRYPT_MD5 on Mac OS/X via mhash/mcrypt/md5/etc etc?
Long story short. I want to use Mac OS/X and PHP. I have a db with
passwords stored under Linux using the crypt("foo", "$1$".$salt."$);
scheme. This means that crypt should execute a CRYPT_MD5 password hash.
I know that Mac OS/X only supports the two DES'. So is there a way I can
use mcrypt, or mhash or ANY library to reproduce php's CRYPT_MD5 crypt()
call?

I don't really have a choice to use another password hash scheme, as the
data is being given to me. I have tried almost everything to produce the
same output to no avail:

Under Linux, php has a crypt() function which takes the md5 format (and
blowfish). This will produce a hash of:

<<CRYPT MAGIC>> << 8 CHAR USER SALT>> $ <<HASHED PW>>

$1$ FpsaEXUM $ rXsH1UzUs6w3vfik/wHGr.

PHP supports DES under Mac OS/X (no blowfish, or MD5 crypt). Sites I've
been to, have informed the developer to use a different algorithm and
that it would solve their problem. I, alas, cannot use a different
system. The passwords are stored in someone else's DB and I am forced to
use the Linux PHP/Crypt/MD5 version.

I have tried the md5(), mcrypt (as much as i can understand it, I am not
an encryption expert), mhash (MHASH_MD5) functions to no avail.

To explain what I am doing...

With PHP's crypt() on Linux:

1) look up the password for the user logging in (in a DB or file)
2) grab the salt for that password (it's created at random when the
password is created): chars between '$1$' and '$' (8 characters)
3) take the user supplied password, run it through PHP's crypt with the
same salt: crypt("foobar","$1$"."FpsaEXUM"."$")
3a) Result: $1$FpsaEXUM$rXsH1UzUs6w3vfik/wHGr.

With mhash:
base64_encode(mhash(MHASH_MD5, $mypassword, "$1$".$salt."$"));
Result: 6ZspEb5d0AMqo/RkSod8dw==

With mhash:
base64_encode(mhash_keygen_s2k(MHASH_MD5, $mypassword, "$1$".$salt."$",
16));
Result: blAOWSV9/hmRk/Z06IFQKA==

I've tried permutations of those without the "$1$"..."$" and still
nothing. Even if the hash matched, and I would just add the "$1$"..."$"
that would work. I've tried md5(), no luck.

Needless to say, the crypt() functions on the mac don't work. I
obviously recompiled php to support mcrypt and mhash (and gd, unrelated
issue), hoping that would solve the issue... no dice.

any help, i am desparate here... heck even an explanation as to why it's
not possible even with external libraries, would be good.

-E
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 06:45 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0