mkpasswd --> php for a config creator

hva · Post by **hva** » Sat Oct 01, 2005 2:58 pm

L.S.

I am working on a administrative webinterface / webtool to manage servers, links, operlines and shells. Now I've come to the point where I want the users to be able to create linkblocks and configs.

The linkblocks are already finished, the config creator aint. Mainly because I can't find the algoritm/function I need in PHP to create a password for in the config.

I would like to use the md5 algoritm because that can be used on windows systems (even if I don't like it myself).

Is there any documentation about how mkpasswd generates the password and how I can do it in PHP. I found an old thread of 2004 with this:

Code: Select all

base64_encode(pack("H*",md5("password")));

but that doesn't work anymore.

If you want to take a peak: http://escape.ninth-gate.org/ngtest/

Thanks in advance!

Moogey · Post by **Moogey** » Sat Oct 01, 2005 3:36 pm

If I understand you correctly, you're trying to md5 something through php.

The function is md5()

string md5 ( string str [, bool raw_output] )

$new = md5($old);

$new now is the md5 of $old

hva · Post by **hva** » Sat Oct 01, 2005 3:42 pm

Thanks for your reply, but the mkpasswd function of unreal doesn't use plain md5.

It uses salt afaik and something else. That is why I post it here.

aquanight · Post by **aquanight** » Sat Oct 01, 2005 5:29 pm

Generate 6 random bytes. Append them to the raw md5 output of the password. MD5 the result, then base64 encode it. The final string will be $ followed by the base64 of the 6 random bytes, followed by another $ and finally the final MD5 hash.

So assuming the password is $input...

Code: Select all

// Get the initial hash.
$firsthash = pack("H*", md5($input));
// Get six random bytes.
srand(time());
$salt = pack("c6", rand(0,255), rand(0,255), rand(0,255), rand(0,255), rand(0,255), rand(0,255));
// Get the final hash.
$finalhash = pack("H*", md5($firsthash . $salt));
// Format it for use in oper::password, etc.
$output = "$" . base64_encode($salt) . "$" . base64_encode($finalhash);

Edit: The process is the same for SHA1 and RIPEMD160, with the exception of replacing md5() with the corresponding function.

hva · Post by **hva** » Sat Oct 01, 2005 5:52 pm

It works like a charm!

Wonderfull! I am a very happy guy, now I can continue to work on the config creator.

Btw, the ppl who use the generator will know what everything is but they are lazy and some info will be from the db. So less chance on failures etc.

Not for noobs!!!!

Code: Select all

if ($_POST['oper_password'] != "") {
// UnrealIRCD Password generator
// Credits: aquanight

Should I add some more info aqua? e-mail/www ?!?