Re-4: des encryption with rev for .htaccess password

Mark Smith lists at futilism.com
Wed Oct 29 11:26:43 EDT 2008


Mattias, I think I understand. If it's apache that checks the  
passwords in use, then my function won't help.

You could use the htpasswd command in a hell call to encrypt the  
passwords, perhaps:

http://httpd.apache.org/docs/2.0/programs/htpasswd.html

Best,

Mark


On 29 Oct 2008, at 15:07, runrev260805 at m-r-d.de wrote:

> Hi Mark,
>
> maybe i was not clear enough.
>
> I want to create and encrypt passwords with rev, which then can be  
> used for http authentication on a webserver.
>
> I want my rev app to create a folder on the webserver, create  
> passwords,encrypt them, create the .httaccess and the .htpassword  
> file and upload them to the newly created folder.
>
> My rev app is already doing so, with one exception: I am using a  
> php file on the webserver to encrypt  the passwords. I am using the  
> following code to get the encrypted password into rev.
>
> put URL ("http://...../passwdcreate.php?pass=" & sPassword) into  
> sOutput
> if line 1 of sOutput is "Password created"
> then
> put line 2 of sOutput into sEncryptedPassword
> and so on
>
>
> My PHP code is like this
>
> <?php
> // Passwort setzen
> echo "Password created";
> echo"<br>"	;
> echo crypt($pass , 'sa');
> ?>
>
>
> Regards,
>
> Matthias
>
> -------- Original Message --------
> Subject: Re: Re-2: des encryption with rev for .htaccess password  
> (29-Okt-2008 12:43)
> From:    Mark Smith <lists at futilism.com>
> To:      runrev260805 at m-r-d.de
>
>> Mattias, there's a fairly clear description of how to use md5 one-way
>> encryption here:
>>
>> http://www.pixel2life.com/publish/tutorials/118/
>> understanding_md5_password_encryption/
>>
>> This would be very easy to do in Revolution.
>>
>> A function might look like:
>>
>> function md5crypt pPassword
>>     local tSalt = "h7%sz0jd63hK0db2$_=97&8!W`?&h%fg" -- just a string
>> of bytes
>>     return md5digest(pPassword & tSalt)
>> end md5crypt
>>
>> so when your users first choose their password, you run it through
>> the md5crypt function, and store the output, and then, when you need
>> to check their password when they log in, you run the password they
>> give through the function and compare the output to the stored
>> (encrypted) password.
>>
>> Hope this helps,
>>
>> Mark
>>
>> On 29 Oct 2008, at 09:58, runrev260805 at m-r-d.de wrote:
>>
>>> Hi Mark,
>>>
>>> i have to admit, that i am not very familiar with php and its
>>> encryption.
>>>
>>> This is what i found at php.net about crypt. PHP uses a random key
>>> if none is provided.
>>>
>>> --
>>> crypt() will return an encrypted string using the standard Unix DES-
>>> based encryption algorithm or alternative algorithms that may be
>>> available on the system.
>>>
>>> Some operating systems support more than one type of encryption. In
>>> fact, sometimes the standard DES-based encryption is replaced by an
>>> MD5-based encryption algorithm. The encryption type is triggered by
>>> the salt argument. At install time, PHP determines the capabilities
>>> of the crypt function and will accept salts for other encryption
>>> types. If no salt is provided, PHP will auto-generate a standard
>>> two character salt by default, unless the default encryption type
>>> on the system is MD5, in which case a random MD5-compatible salt is
>>> generated. PHP sets a constant named CRYPT_SALT_LENGTH which tells
>>> you whether a regular two character salt applies to your system or
>>> the longer twelve character salt is applicable.
>>>
>>> The standard DES-based encryption crypt() returns the salt as the
>>> first two characters of the output. It also only uses the first
>>> eight characters of str , so longer strings that start with the
>>> same eight characters will generate the same result (when the same
>>> salt is used).
>>> --
>>>
>>> Regards,
>>>
>>> Matthias
>>>
>>>
>>> -------- Original Message --------
>>> Subject: Re: des encryption with rev for .htaccess password (28-
>>> Okt-2008 17:21)
>>> From:    Mark Smith <lists at futilism.com>
>>> To:      runrev260805 at m-r-d.de
>>>
>>>> Matthias, how does the PHP encryption work? Is it using some
>>>> internally maintained key (password)?
>>>>
>>>> If so, I'm sure this would be possible in Rev.
>>>>
>>>> Best,
>>>>
>>>> Mark
>>>>
>>>> On 28 Oct 2008, at 14:03, runrev260805 at m-r-d.de wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> does no one know, if this is possible with revolution?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Matthias
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: des encryption with rev for .htaccess password (27-
>>>>> Okt-2008 21:41)
>>>>> From:    runrev260805 at m-r-d.de
>>>>> To:      runrev260805 at m-r-d.de
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> i am working on an app, which creates .htaccess and .htpassword
>>>>>> files for
>>>>>> folder/file protection on a linux webserver.
>>>>>> For this i have to encrypt passwords with standard php  
>>>>>> encryption.
>>>>>> At the
>>>>>> moment i am
>>>>>> using a php script, which encrypts the password for me. But i  
>>>>>> want
>>>>>> to do
>>>>>> the encryption with rev, if possible.
>>>>>>
>>>>>> Does anyone know, if this is possible with Revolution? I  
>>>>>> looked at
>>>>>> the
>>>>>> encrypt command, but it seems,
>>>>>> that i need to provide not only the password i want to encrypt,
>>>>>> but also a "
>>>>>> password" which is used for encryption.
>>>>>>
>>>>>> Could anyone help?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Matthias
>>>>>> _______________________________________________
>>>>>> use-revolution mailing list
>>>>>> use-revolution at lists.runrev.com
>>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>>>> subscription preferences:
>>>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> To: use-revolution at lists.runrev.com
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> use-revolution mailing list
>>>>> use-revolution at lists.runrev.com
>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>>> subscription preferences:
>>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>
>>>> _______________________________________________
>>>> use-revolution mailing list
>>>> use-revolution at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>
>>>>
>>>>
>>>>
>>>> To: use-revolution at lists.runrev.com
>>>
>>>
>>> _______________________________________________
>>> use-revolution mailing list
>>> use-revolution at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>>
>>
>>
>> To: use-revolution at lists.runrev.com
>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your  
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution




More information about the use-livecode mailing list