Skip Menu |

This queue is for tickets about the Crypt-PasswdMD5 CPAN distribution.

Report information
The Basics
Id: 37036
Status: resolved
Worked: 3 hours (180 min)
Priority: 0/
Queue: Crypt-PasswdMD5
People
Owner: Nobody in particular
Requestors: kbrint [...] rufus.net
Cc: luismunoz [...] cpan.org
AdminCc:
Bug Information
Severity: Normal
Broken in: 1.3
Fixed in: 1.3

History Show all quoted text
  Mon Jun 23 18:13:30 2008 kbrint [...] rufus.net - Ticket created
CC: luismunoz [...] cpan.org
Subject: Create random salts of user-specified length
Some implementations (i.e. Cisco enable secret) cannot accept salts with length > 4. Therefore, it's helpful to permit the user to generate salts of a specific length. The attached patch creates another function "random_md5_salt" which does just that. Note this also fixes RT#15663 (minor error in salt generation). Despite the comments in the ticket, this was still broken as of the latest revision (1.3).
Subject: rand_md5.patch
Index: PasswdMD5.pm =================================================================== --- PasswdMD5.pm (.../vendor/current) (revision 7) +++ PasswdMD5.pm (.../branches/rand_md5_salt) (revision 7) @@ -24,6 +24,7 @@ require Exporter; @ISA = qw(Exporter); @EXPORT = qw(unix_md5_crypt apache_md5_crypt); +@EXPORT_OK = (@EXPORT, qw( random_md5_salt )); =head1 NAME @@ -36,6 +37,8 @@ $cryptedpassword = unix_md5_crypt($password, $salt); $apachepassword = apache_md5_crypt($password, $salt); + use Crypt::PasswdMD5 qw( random_md5_salt ); + $salt = random_md5_salt($length); =head1 DESCRIPTION @@ -94,9 +97,7 @@ $salt = substr($salt, 0, 8); } else { - $salt = ''; # in case no salt was proffered - $salt .= substr($itoa64,int(rand(64)+1),1) - while length($salt) < 8; + $salt = random_md5_salt(); } $ctx = new Digest::MD5; # Here we start the calculation @@ -164,17 +165,28 @@ $Magic . $salt . q/$/ . $passwd; } +################################### + +$MAX_SALT_LENGTH = 8; +sub random_md5_salt { + my $len = shift || $MAX_SALT_LENGTH; + my $salt = ''; + + # sanity check + $len = $MAX_SALT_LENGTH + unless ($len >= 1 and $len <= $MAX_SALT_LENGTH); + + $salt .= substr($itoa64,int(rand(64)),1) for (1..$len); + + return $salt; +} + 1; __END__ =pod -=head2 EXPORT - -None by default. - - =head1 HISTORY $Id: PasswdMD5.pm,v 1.3 2004/02/17 11:21:38 lem Exp $ Index: t/salt.t =================================================================== --- t/salt.t (.../vendor/current) (revision 0) +++ t/salt.t (.../branches/rand_md5_salt) (revision 7) @@ -0,0 +1,28 @@ +use Crypt::PasswdMD5 qw[ random_md5_salt ]; + +print "1..10\n"; +$t = 1; + +_length_is($_, $_) for (1..8); +_length_is(0, 8); +_length_is(9, 8); + +sub _length_is { + my $in = shift; + my $out = shift; + + my $salt = random_md5_salt($in); + + if ($out == length($salt)) + { + print "ok $t\n"; + } + else + { + print "not ok $t\n"; + } + + print "# '$salt', expect len $out\n" ; + + $t++; +} Index: MANIFEST =================================================================== --- MANIFEST (.../vendor/current) (revision 7) +++ MANIFEST (.../branches/rand_md5_salt) (revision 7) @@ -3,4 +3,5 @@ PasswdMD5.pm README t/basic.t +t/salt.t META.yml Module meta-data (added by MakeMaker)
  Mon Sep 30 06:11:32 2013 RSAVAGE [...] cpan.org - Correspondence added 180 min
I (Ron) have adopted your code and tests. $many x $thanx! See V 1.40.
  Mon Sep 30 06:11:33 2013 The RT System itself - Status changed from 'new' to 'open'
  Mon Sep 30 06:11:33 2013 RSAVAGE [...] cpan.org - Status changed from 'open' to 'resolved'
  Mon Sep 30 06:11:33 2013 RSAVAGE [...] cpan.org - Fixed in 1.3 added