Login
User Name:

Password:



Register
Forgot your password?
Vote for Us!
tintin++ ogg sound player script for linux
Author: Robert Smith
Submitted by: Vladaar
6Dragons ogg Soundpack
Author: Vladaar
Submitted by: Vladaar
6Dragons 4.4
Author: Vladaar
Submitted by: Vladaar
LoP 1.46
Author: Remcon
Submitted by: Remcon
LOP 1.45
Author: Remcon
Submitted by: Remcon
Users Online
CommonCrawl, Remcon, Yandex

Members: 1
Guests: 5
Stats
Files
Topics
Posts
Members
Newest Member
481
3,735
19,370
618
Micheal64X
Today's Birthdays
There are no member birthdays today.
Related Links
» SmaugMuds.org » Codebases » SmaugFUSS » Crypt
Forum Rules | Mark all | Recent Posts

Crypt
< Newer Topic :: Older Topic > Why does it work this way??

Pages:<< prev 1 next >>
Post is unread #1 Aug 27, 2003, 3:27 pm
Go to the top of the page
Go to the bottom of the page

Vermithrax
New Member
GroupMembers
Posts5
JoinedJul 9, 2003

Hey folks... I've been staring at the crypt code for a while, and I see
this in do_password:

if ( strcmp( crypt( arg1, ch->pcdata->pwd ), ch->pcdata->pwd ) )
{
wait_state( ch, 40 );
send_to_char( "Wrong password. Wait 10 seconds.\n\r", ch );
return;
}

So anyhow...

Why in the world are we doing a crypt of arg1 (what you type in for the new
password) and ch->pcdata->pwd??? Isn't ch->pcdata->pwd your password
already encrypted?? Why wouldn't you do a crypt of arg1 and the character's
name and compare it with ch->pcdata->pwd? Can someone explain that, please?

-Verm
       
Post is unread #2 Aug 27, 2003, 4:04 pm
Go to the top of the page
Go to the bottom of the page

Orion
Master Member
GroupMembers
Posts35
JoinedNov 12, 2002

The crypt function takes two arguments. The password, and the salt. To check the argument against the existing password in the pfile you have to crypt it and compare the crypted strings to see if they match.

The first two characters of the result of a crypt call will always be the first two characters of the salt. For example:

crypt( "temp", "Orion" );


This will result in a crypted string with 'Or' as the first two characters. This way you always know what the salt was. Why? Well, to put it simply, it makes things easier.

Say I started with a character named Arachnus. Ok, great. The salt is 'Ar'. Now, saw later down the road I change my name to Orion. If you crypt and use my current name as the salt for the argument, and compare it with the old password salted by Arachnus, then they won't match.

By calling crypt with the salt as ch->password (or whatever it is) you ensure that it uses the proper salt to compare against. Hope it helps. :)

Oh, I almost forgot. The salt helps to generate the password. Different salt, different result. Helps to randomize things. :)
       
Post is unread #3 Aug 28, 2003, 8:19 pm
Go to the top of the page
Go to the bottom of the page

Ddruid
Member
GroupMembers
Posts11
JoinedNov 17, 2002

I read in your mailing list post that you wanted to do MD5 encryption. The crypt() syscall handles this in addition to DES and I believe blowfish. In order to use MD5 encryption '$1$' must be prepended to the salt. Some implementations will also want the trailing '$' added to the end of the salt. (The salt can be more than two characters unlike DES)


#include <stdio.h>
#include <unistd.h>

#define salt "dR"
#define md5_salt "$1$dR"
#define word "coldbeer"

int 
main( )
{
  fprintf( stdout, "DES: Word: %s  Salt: %s  Result: %s\n\r", word, 
    salt, crypt( word, salt ) );
  fprintf( stdout, "MD5: Word: %s  Salt: %s  Result: %s\n\r", word, 
    md5_salt, crypt( word, md5_salt ) ); 
}


[ddruid@newbie ddruid]$ gcc -o test -lcrypt test.c
[ddruid@newbie ddruid]$ ./test
DES: Word: coldbeer Salt: dR Result: dRYPbLCn0DYpI
MD5: Word: coldbeer Salt: $1$dR Result: $1$dR$DWcjv8LqlgtVVAsnRfHeZ1
[ddruid@newbie ddruid]$
       
Pages:<< prev 1 next >>