Script to encrypt/decrypt User-Password
Hi. Does anyone have a script that implements the encrypting/ decrypting algorithm of User-Password that they'd like to share? I want to be able to input the Authenticator, shared secret, a password, and then get the encrypted password in return (or vice verca). Thanks -- Tore Anderson
On Mon, Jul 18, 2005, Tore Anderson wrote:
Hi. Does anyone have a script that implements the encrypting/ decrypting algorithm of User-Password that they'd like to share? I want to be able to input the Authenticator, shared secret, a password, and then get the encrypted password in return (or vice verca).
You won't get a decrypted password without doing a dictionary check with cracklib or similar software as *nix passwords are done with a one-way encryption. Clear text passwords may be tested against the encrypted passwords using the ``crypt(3)'' C routine (python and perl have a scriptable interface to this). In python this check might be: from crypt import crypt cryptpw == crypt(plaintext, cryptpw) Bill -- INTERNET: bill@Celestial.COM Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``Capitalism works primarily because most of the ways that a company can be scum end up being extremely bad for business when there's working competition.'' -rra
* Tore Anderson
Hi. Does anyone have a script that implements the encrypting/ decrypting algorithm of User-Password that they'd like to share? I want to be able to input the Authenticator, shared secret, a password, and then get the encrypted password in return (or vice verca).
* Bill Campbell
You won't get a decrypted password without doing a dictionary check with cracklib or similar software as *nix passwords are done with a one-way encryption.
Thanks for the tip, but I'm after a script that can encrypt/decrypt the User-Password attribute of a RADIUS Access-Request packet, not the stuff in /etc/passwd on a UNIX machine. This algorithm is two-way, and it is briefly described in RFC 2865 section 5.2. Regards -- Tore Anderson
Tore Anderson <tore@linpro.no> wrote:
Thanks for the tip, but I'm after a script that can encrypt/decrypt the User-Password attribute of a RADIUS Access-Request packet, not the stuff in /etc/passwd on a UNIX machine.
See src/lib/radius.c It should be a matter of a few minutes to add a wrapper around that. Alan DeKok.
* Tore Anderson
If only my C was a little less rusty than what it actually is, it might have been. :-( I'll see what I can do, though. Thanks for the tip.
I gave up, but fortunately found a Perl module which helped out. I'm attaching the script I wrote here in case someone else needs such a script one day. Regards -- Tore Anderson
participants (3)
-
Alan DeKok -
Bill Campbell -
Tore Anderson