[Techtalk] Verify MD5-Hashed Passwords in Perl?
Almut Behrens
almut_behrens at yahoo.com
Fri Sep 14 00:15:07 EST 2001
On Thu, Sep 13, 2001 at 01:38:55PM -0700, Kai MacTane wrote:
> Hello. I need to get a Perl script to take in a username and password, read
> /etc/shadow (which is storing the passwords as MD5 hashes, rather than
> crypted), and verify that the user's password actually does match.
>
> I understand that the MD5 hash has a "salt" involved; the stored hash looks
> like:
>
> username:$1$xxxxxxxx$yyyyyyyyyyyyyyyyyyyyyy:[rest of line]
>
> , and I understand that the Xs represent the salt, with the Ys giving the
> actual hashed digest.
>
> I've looked at the MD5.pm documentation, and I can't see any way to use it
> to verify that a given string matches the stored string. But I know it must
> be possible for actual password authentication. Can anyone advise me on
> what I need? (I'm suspecting a different Perl module.)
not 100% sure, but maybe this module is what you are looking for:
http://search.cpan.org/search?dist=Crypt-PasswdMD5
or
http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.2.tar.gz
(requires Digest::MD5)
Cheers,
- Almut
More information about the Techtalk
mailing list