[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Crypt problem



I did the following to verify a crypted password:

first, get the encrypted password from ldap:
($password is password to be compared with LDAP)


$entries=ldap_get_entries($ldap,$result)
$ldappwd=$entries[0]["userPassword"][0];

check if the password is crypted:

if strstr($ldappwd,"{crypt}") {
  //remove {crypt} prefix
  $ldappwd=substr($ldappwd,7);
  // normal crypt use 2digit salt
  $salt=substr($ldappwd,0,2);
  // MD5 crypt starts with $1$, 12 digits long
  strstr($ldappwd,"$1") && $salt=substr($ldappwd,0,12);
  // Blowfish crypt has $2$ as prefix, and 16 digits long
  strstr($ldappwd,"$2$) && $salt=substr($ldappwd,0,16);
  $password=crypt($password,$salt);
}
// Now both passwords are in same format:

if ($ldappwd == $password) {
  // They match!
  // $salt is only set with crypted password
  IsSet($salt) ? $password='{crypt}'.$password
               : $password='{crypt}'.crypt($password);
               
  // This is to make sure the password is stored encrypted
  <code to process $password any further>
}

I did something similar with ntPassword and lmPassword. I used the
external program smbencrypt to provide me with the right values

HTH,

Marcel
-- 
---------------------------------------------------------------
ing. Marcel van Dorp (CCDP, CCNP+security)   http://www.wiwo.nl
WiWo Support                                 tel. 071-523 77 91
Postbus 1098                                 fax  071-523 77 94
2340 BB Oegstgeest                           gsm  0653-50 77 76
---------------------------------------------------------------