Re-2: des encryption with rev for .htaccess password

Mark Smith lists at futilism.com
Wed Oct 29 07:40:09 EDT 2008 

Mattias, there's a fairly clear description of how to use md5 one-way  
encryption here:

http://www.pixel2life.com/publish/tutorials/118/ 
understanding_md5_password_encryption/

This would be very easy to do in Revolution.

A function might look like:

function md5crypt pPassword
    local tSalt = "h7%sz0jd63hK0db2$_=97&8!W`?&h%fg" -- just a string  
of bytes
    return md5digest(pPassword & tSalt)
end md5crypt

so when your users first choose their password, you run it through  
the md5crypt function, and store the output, and then, when you need  
to check their password when they log in, you run the password they  
give through the function and compare the output to the stored  
(encrypted) password.

Hope this helps,

Mark

On 29 Oct 2008, at 09:58, runrev260805 at m-r-d.de wrote:

> Hi Mark,
>
> i have to admit, that i am not very familiar with php and its  
> encryption.
>
> This is what i found at php.net about crypt. PHP uses a random key  
> if none is provided.
>
> --
> crypt() will return an encrypted string using the standard Unix DES- 
> based encryption algorithm or alternative algorithms that may be  
> available on the system.
>
> Some operating systems support more than one type of encryption. In  
> fact, sometimes the standard DES-based encryption is replaced by an  
> MD5-based encryption algorithm. The encryption type is triggered by  
> the salt argument. At install time, PHP determines the capabilities  
> of the crypt function and will accept salts for other encryption  
> types. If no salt is provided, PHP will auto-generate a standard  
> two character salt by default, unless the default encryption type  
> on the system is MD5, in which case a random MD5-compatible salt is  
> generated. PHP sets a constant named CRYPT_SALT_LENGTH which tells  
> you whether a regular two character salt applies to your system or  
> the longer twelve character salt is applicable.
>
> The standard DES-based encryption crypt() returns the salt as the  
> first two characters of the output. It also only uses the first  
> eight characters of str , so longer strings that start with the  
> same eight characters will generate the same result (when the same  
> salt is used).
> --
>
> Regards,
>
> Matthias
>
>
> -------- Original Message --------
> Subject: Re: des encryption with rev for .htaccess password (28- 
> Okt-2008 17:21)
> From:    Mark Smith <lists at futilism.com>
> To:      runrev260805 at m-r-d.de
>
>> Matthias, how does the PHP encryption work? Is it using some
>> internally maintained key (password)?
>>
>> If so, I'm sure this would be possible in Rev.
>>
>> Best,
>>
>> Mark
>>
>> On 28 Oct 2008, at 14:03, runrev260805 at m-r-d.de wrote:
>>
>>> Hi,
>>>
>>> does no one know, if this is possible with revolution?
>>>
>>> Regards,
>>>
>>> Matthias
>>>
>>> -------- Original Message --------
>>> Subject: des encryption with rev for .htaccess password (27-
>>> Okt-2008 21:41)
>>> From:    runrev260805 at m-r-d.de
>>> To:      runrev260805 at m-r-d.de
>>>
>>>> Hi,
>>>>
>>>> i am working on an app, which creates .htaccess and .htpassword
>>>> files for
>>>> folder/file protection on a linux webserver.
>>>> For this i have to encrypt passwords with standard php encryption.
>>>> At the
>>>> moment i am
>>>> using a php script, which encrypts the password for me. But i want
>>>> to do
>>>> the encryption with rev, if possible.
>>>>
>>>> Does anyone know, if this is possible with Revolution? I looked at
>>>> the
>>>> encrypt command, but it seems,
>>>> that i need to provide not only the password i want to encrypt,
>>>> but also a "
>>>> password" which is used for encryption.
>>>>
>>>> Could anyone help?
>>>>
>>>> Regards,
>>>>
>>>> Matthias
>>>> _______________________________________________
>>>> use-revolution mailing list
>>>> use-revolution at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>
>>>>
>>>>
>>>>
>>>> To: use-revolution at lists.runrev.com
>>>
>>>
>>> _______________________________________________
>>> use-revolution mailing list
>>> use-revolution at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>>
>>
>>
>> To: use-revolution at lists.runrev.com
>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your  
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution

More information about the use-livecode mailing list