Galen P.Zink wrote:
Kris,
I doubt there's "no way" to do this under OS X. Maybe by default, you have a curve ball to deal with. But considering the kernel is open source, you could make this OS do anything... literally :)
That is how I feel as well. Being a long-time *nix/BSD user.. I have heard it before and never believe "it cant be done". I remember back on the C64, they said the computer would not support a 9600BAUD modem, then one day I am plugging one into my cartridge port and getting "blazing" speeds (LOL This was in the eighties obviously)...
A second problem, and why I want to create some PHP to mimic crypt() "unix style" passwords without actually using crypt() is due to the fact that this box is not my box and so the option of modifying the OS is currently not an option. Consider this thread dead unless someone else has a solution. Thanks for thinking it through. Your time has been greatly appreciated.
A side note; I am amazed that no one else on this list can or is jumping into this discussion about using PHP to mimic PHP's crypt() function in order to create "unix style" MD5 passwords. I know it has been done before, and can be done probably many different ways. The idea of using system() or exec() to call MD5 is an option I will be looking into, however, I know there must be another option. I have considered rewriting my own version of crypt() to not use libmcrypt but the information on the C-like Zend language used to write your own embedded PHP functions is a bit vague in regards to me "getting over the learning curve". My other option is to just move this to another server and then my existing crypt() based code will resume functioning as expected.
I dont except a reply from Rasmus or Zeev, as they are extremely busy guys, however, I won't stop them if they are interested in this thread.
Help me Obi Won, you are my only hope. LOL
Take Care,
Kris zoob@xxxxxxxxxxxx
Where is your PHP package coming from? If you've already been using the http://entropy.ch binary, maybe you should try compiling your own. Or get (and either compile yourself or just install binaries) it via fink (http://fink.sf.net/) which often gives you different options for libraries to use and such during install. Or any number of other options. I wonder if there is some build option or something setup in the configuration process that affects this. I seriously wonder how libmcrypt could have this sort of limitation under OS X, but I am not that type of programmer.
I would encourage you to play with this and post your results to the php-general list as well as letting me know how it goes.
-Galen
On Nov 3, 2004, at 2:31 PM, Kris wrote:
Galen,
Thank you for the response. I understand where you are coming from; your use of MD5 hash. In short, my goal is to recreate crypt()'s method of creating "unix style" passwords without using PHP's built-in crypt() function... (as seen in /etc/shadow on a *nix server, ie. $1$seeeeed$blaaaaaaah instead of standard MD5 hash which does not use $1$....$ to store a "seed".)
Ultimately, my problem exists related to the server I am using, where the server's PHP crypt (using libmcrypt) returns with the fact that
CRYPT_MD5 = 0 .
In researching, I have been told that this is a limitation of Mac OS X, that "there is no way to have libmcrypt support both DES and MD5" on this OS.. but I know there must be a way because it is easy to have a FreeBSD server use both DES and MD5.
I had an old BSD box online for years.. where old account passwords in /etc/shadow were encrypted via two character salt DES. One day, I made a simple change to the box's config and then any new accounts created would use MD5. The "coolest" part is that any old passwords in DES could remain DES, and BSD's libmcrypt could determine if a passwd in /etc/shadow was DES or MD5 and handle accordingly. Obviously, this kept me from having to call clients and change their password so as to re-encrypt their respective /etc/shadow entry into MD5.
I hope this email better explains my situation. I'll check out man md5 on the Mac box and see what I can figure out. In the meantime, if this email helps to generate any ideas which may be helpful in my current quest, your input would be most appreciated.
Thanks again,
Kris
Galen P.Zink wrote:
Kris,
I'm not quite sure what you mean here. When I work with md5, I always have considered it to work like this:
string -> md5 = hash
On any system, the md5 binary, md5 php function, and MySQL md5 (in most cases - though in certain situations you could have problems if you have a field of the wrong type or length) all work exactly alike.
This is how I have always thought of md5 and considered it to be "standard" and I've never had a problem with it. I've made dozens of web and other php/mysql applications.
There have never been seeds or anything else involved in my experiences. I do know that in some cases a "salt" is setup on certain unix systems. I don't know a lot more about this and I don't know how it applies to your situation. I would encourage you to look at "man md5" in the command line under OS X which documents OpenSSL and md5 well. I imagine there is a function there somewhere to work with the salt or seed or whatever you have going.
If you can give me some specific examples of your situation I might be able to help more, but I would encourage you to poke a little deeper yourself first. Let me know how it goes.
-Galen
On Nov 3, 2004, at 11:22 AM, Kris wrote:
Hi Galen,
Yes, OSX seems nice, however, still having a problem with MD5 on the box.
When I use MySQL's MD5('$password'), it generates MD5 but not in the traditional *nix manner, ie. $1$hy67ju86h$nughjgh86fgasdf. Instead I seem to just get a hash, no $1$blahblahseed$, just a long string (MD5 hash I presume).
My original problem is that, on my development server, I have MD5 encrypted passwords in the manner shown above $1$yadayada....$ I didnt see in the php MD5 how to recreate this without using crypt(). I can get the seed $1$123456789$ into a $var but how do you get MD5 to use the seed from a variable to compare db password against password data from a form? Can you help? Is this possible?
Thanks,
Kris
Galen wrote:
I use md5 all the time and OS X is my web development staging environment! I write and test all my scripts on OS X and then send off to the server. I don't use crypt, but I have never seen any problems going between the two. apache, php, mysql, rsync, ssh, scp, everything *nixy plus a nice interface makes OS X the ideal web development environment - at least for me.
Not only can MySQL do md5, there is an md5 function in php which I've used many times under OS X no problem:
http://us2.php.net/md5
If that wasn't enough, OS X ships with an md5 binary that's in the usual file path so typing "md5" in the command line will pull it up and "man md5" gives all the info you could need on using it. I don't encourage the use of the command line version of md5 for php because it will be slower than the built in php function, but it is there!
-Galen
On Oct 25, 2004, at 10:38 AM, Daniel Schierbeck wrote:
Kris wrote:
I recently moved a site to a MacOSX based Apache/PHP server. Apparently crypt only uses DES. I read somewhere that "there is no way to get it use use MD5", which sounds hard to beleive considering the OS is BSD based.
So.. here is my dilema.. My db contains usernames and passwords. The passwords are MD5 $1ljdslkjdsf$lkjdsaflkjdsf (created by crypt().) So on this new box, new accounts created get DES passwords. I just as well prefer to not see any DES encryptions used in this db.
Any Mac OSX'ers in here that may have a solution? All my users recreating new passwords for their account is not an option.
Thanks for any ideas,
Kris
Can't you just use the db's (i assume you use MySQL, most do) built-in MD5 function?
SELECT id, username FROM users WHERE username LIKE 'myuser' AND password = MD5('mypass') LIMIT 1
-- Daniel Schierbeck
Help spread Firefox (www.getfirefox.com): http://www.spreadfirefox.com/?q=user/register&r=6584
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php