Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Perl crypt, This is tough.

Status
Not open for further replies.

mtnclark

Technical User
Jul 16, 2002
12
GB
This is tough, but what I am looking for is advice on password decription as follows.
I have been using a program customised Bugzilla ( established bug tracking tool)which uses Perl crypt, which is an implementation of UNIX C-standard DES crypt(3) function which is . I wish to use Microsoft Access for reporting purposes but need the same validation decription process that Bugzilla uses, I have been using MS Accesses xcrypt with no avail. I shall explain as follows:

What is needed is a Windows implementation of crypt(3) (ie 'crypt.dll') that can then be called by MS Access to validate user log-ons, or a bit of VB script that implements it that I can then shoehorn into MS Access.

Once a working MS Access crypt(3) is available, it merely becomes a matter of cunning code to ensure that only permitted users can see permitted data.

MSDN (msdn.microsoft.com) has some bits'n'pieces about crypt(3), but no dll or useful code segment as far as I can see.


Any help or pointers would be appreciated.

Martin..
See code sample for perl below.
NAME
crypt - one-way password encryption function

SYNOPSIS
#define _MINIX_SOURCE 1
#include <unistd.h>

char *crypt(const char *key, const char *salt)

DESCRIPTION
The first use of crypt() is to encrypt a password. Its second use is to
authenticate a shadow password. In both cases crypt() calls pwdauth(8)
to do the real work.

Crypt() encrypts a password if called with a user typed key, and a salt
whose first two characters are in the set [./0-9A-Za-z]. The result is a
character string in the [./0-9A-Za-z] alphabet of which the first two
characters are equal to the salt, and the rest is the result of
encrypting the key and the salt.

If crypt() is called with a salt that has the form ##user then the key is
encrypted and compared to the encrypted password of user in the shadow
password file. If they are equal then crypt() returns the ##user
argument, if not then some other string is returned. This trick assures
that the normal way to authenticate a password still works:

if (strcmp(pw->pw_passwd, crypt(key, pw->pw_passwd))) ...

If key is a null string, and the shadow password is a null string or the
salt is a null string then the result equals salt. (This is because the
caller can't tell if a password field is empty in the shadow password
file.)

The key and salt are limited to 1024 bytes total including the null
bytes.

FILES

/usr/lib/pwdauth The password authentication program

SEE ALSO
getpass(3), getpwent(3), passwd(5), pwdauth(8).

NOTES
The result of an encryption is returned in a static array that is
overwritten by each call. The return value should not be modified.
 
Have you looked at CAPI (cryptography API), by referencing capicom.dll in the system directory?

I was trying to find the example code that was published in Visual Systems Journal a couple of months ago, but couldn't find it on the website. Instead, here is a section of code from a little VB application I wrote. You should be able to work out what is going on. One of the supported encryption methods is DES-3.

Code:
Private Sub cmdDecrypt_Click()
Dim Crypt1 As New EncryptedData
With Crypt1
    .SetSecret txtPassword.Text
    On Error Resume Next
    .Decrypt txtEnText.Text
    If Err.Number <> 0 Then
        Err.Clear
        txtDeText.Text = &quot;Password incorrect!&quot;
    Else
        txtDeText.Text = .Content
    End If
End With
Set Crypt1 = Nothing
End Sub

Private Sub cmdEncrypt_Click()
Dim Crypt1 As New EncryptedData
With Crypt1
    .Algorithm.Name = CAPICOM_ENCRYPTION_ALGORITHM_DES
    .Algorithm.KeyLength = CAPICOM_ENCRYPTION_KEY_LENGTH_MAXIMUM
    .SetSecret txtPassword.Text
    .Content = txtInText.Text
    txtEnText.Text = .Encrypt
End With
Set Crypt1 = Nothing
End Sub
 
If you don't have to use DES3 then I have some code that will generate an MD5 hash for a given string.
I think it works in the same way as your perl example, you first hash the password and store the result, then when it comes to checking the password you just hash the users response and compare that to what's stored on the database.

If that's what you want I'll dig out the funtion.

Ben

----------------------------------------------
Ben O'Hara &quot;Where are all the stupid people from...
...And how'd they get so dumb?&quot;
rockband.gif
NoFX-The Decline
----------------------------------------------
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top