crypt. Hashing passwords

^math:crypt[password;salt]

The method hashes a password. Its parameters are the password to be hashed and the salt on which the hashing is based.

Arguments:
password - initial string;
salt - string that determines the hashing algorithm and introduces an element of randomness into the hashing process; it consists of a head and a body. If the body is not specified, Parser will generate a random body.

It is not sensible to store users' passwords as plain text in a database or on disk: anyone who manages to steal the file or DB table with passwords will be able to use them. That is why one should store not the passwords themselves but their hashes, that is, the result of a safe and irreversible transformation of the password string. When a password typed in by a visitor is checked, the received string is hashed with the same algorithm as the password stored in the file/database (the stored hash is used as the salt), and the two strings are then compared.

Table with available algorithms:


| Algorithm | Description | Salt head | Salt body |
|-----------|-------------|-----------|-----------|
| MD5 | built-in in Parser, available on all platforms | $apr1$ | Up to 8 random letters (in uppercase or lowercase) or numbers |
| MD5 | if supported by UNIX OS | $1$ | Up to 8 random letters (in uppercase or lowercase) or numbers |
| DES | if supported by UNIX OS | (no) | 2 random letters (in uppercase or lowercase) or numbers |
| others | those supported by UNIX OS | read the documentation on your operating system, function crypt | read the documentation on your operating system, function crypt |

Note: to use $ in Parser, you must precede it with ^.

Note: the Apache web server allows hashed passwords in password files (.htpasswd). In this case you may use password hashes created by any of the algorithms given in the table above, including the algorithm built into Parser.

How to create .htpasswd file:
@main[]
# columns in table::create are separated by tab characters
$users[^table::create{name	password
alice	xxxxxx
bob	yyyyyy
}]

$htpasswd[^table::create[nameless]{}]
^users.menu{
    ^htpasswd.append{$users.name:^math:crypt[$users.password;^$apr1^$]}
}

^htpasswd.save[nameless;.htpasswd-parser-test]

How to check a password:

$right[123]
$from_user[123]
$crypted[^math:crypt[$right;^$apr1^$]]
# Note: $crypted is different on every run, because Parser generates a random salt body
$crypted<br />
^if(^math:crypt[$from_user;$crypted] eq $crypted){
    Eat, drink, and be merry
}{
    Call 911…
}
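
How the check above works when the stored hash is passed as the salt, shown as an added Python example (not Parser's own code): the salt head and body are read back from the stored $apr1$ hash, the candidate is re-hashed with them, and the two strings are compared. The names apr1_crypt and check_password are hypothetical, and only the $apr1$ head from the table is handled.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
HEAD = "$apr1$"  # salt head from the table above (Apache MD5 variant)

def apr1_crypt(password: str, salt: str = HEAD) -> str:
    """Hash password; salt is a head plus optional body, or a whole stored hash."""
    if not salt.startswith(HEAD):
        raise ValueError("only the $apr1$ salt head is handled in this example")
    body = salt[len(HEAD):].split("$", 1)[0][:8]
    if not body:  # no body given: generate a random one (letters and digits)
        body = "".join(secrets.choice(ITOA64[2:]) for _ in range(8))
    pw, s = password.encode(), body.encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + HEAD.encode() + s)
    for left in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, left)])
    n = len(pw)
    while n:
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed stretching loop of MD5-crypt
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    vals = [(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in groups]
    vals.append((final[11], 2))
    out = ""
    for v, n in vals:  # crypt-style base64, least significant 6 bits first
        for _ in range(n):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return f"{HEAD}{body}${out}"

def check_password(candidate: str, stored: str) -> bool:
    """Re-hash with the stored hash as salt, then compare in constant time."""
    if not stored.startswith(HEAD):
        return False
    return hmac.compare_digest(apr1_crypt(candidate, stored).encode(), stored.encode())
```

The fixed 1000 MD5 rounds are cheap on current hardware, so this format is best treated as a compatibility option for .htpasswd files rather than a choice for new password stores.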


Detailed information on MD5 is available at http://www.ietf.org/rfc/rfc1321.txt


Copyright © 1997–2021 Art. Lebedev Studio | http://www.artlebedev.com Last updated: 04.09.2008