abyss.conf - password encryption

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
lazna
-


Joined: 16 Aug 2015
Posts: 27

PostPosted: Sun Feb 24, 2019 9:27 pm    Post subject: abyss.conf - password encryption Reply with quote

Trying to create user programmatically but password encryption does not work as described here (in 15 years old post) https://aprelium.com/forum/viewtopic.php?p=11088#11088

have created 'testuser' with password 'testuser' from GUI and it have password hash:

7bf1fcd6b1d5852e78e994f436d39612

but if perform command: 'echo testuser:testuser|md5sums.exe' got

114FB1223597FA6D2CB07519E9178100

Does method of password encryption change in the meantime?

Abyss Web Server X1 (v 2.12)

L.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 873

PostPosted: Fri Mar 01, 2019 6:14 pm    Post subject: Re: abyss.conf - password encryption Reply with quote

lazna,

Try instead:

Code:

echo -n "testuser:testuser" | md5sum


the echo command adds end of line and carriage return chars when called without -n. These invisible characters change the md5 sum.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 27

PostPosted: Fri Mar 01, 2019 11:28 pm    Post subject: Reply with quote

Thanks for reply.

I am on windows where echo does not accept parameters, but there is a way how to echo string without newline:

https://stackoverflow.com/questions/7105433/windows-batch-echo-without-new-line

tested this does not create trailing CRLF

---------------
echo|set /p="testuser:testuser"
testuser:testuser
---------------

but this does not help:

echo|set /p="testuser:testuser"| md5sums.exe
f9f0c452e6df5dd6cc3c5807f03f5517 *-

Any other idea?

L.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 873

PostPosted: Fri Mar 08, 2019 4:25 pm    Post subject: Reply with quote

lazna,

The post you referred to had the wrong algorithm. The good algorithm is in https://aprelium.com/forum/viewtopic.php?p=15453#15453 .

It is in pseudo-code:
Code:
MD5(BASE64( USER + ":" + PASS ))


How to do that in the command line, you can try:

Code:
powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"testuser:testsuer\"))" | md5sums


The contrived powershell invocation is inspired by the discussion in https://stackoverflow.com/questions/37046771/base64-encode-string-command-line-windows . You can replace it with echo and a proper base64 encoder tool invocation if you have one.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 27

PostPosted: Thu Mar 14, 2019 6:14 pm    Post subject: SOLVED Reply with quote

So finaly, following commands chain give me identical string as one generated by program if user is added from GUI for username: 'testuser' and passwd 'testuser'

echo|set /p="testuser:testuser" | base64.exe -e | md5sums.exe

The glitch with "echo|set /p.........." is present to supress trailing CRLF.

Used external utilities:

http://www.f2ko.de/en/b64.php
MD5sums.exe from http://gnuwin32.sourceforge.net/packages/coreutils.htm package
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 873

PostPosted: Thu Mar 21, 2019 4:50 pm    Post subject: Re: SOLVED Reply with quote

lazna,

Thank you for getting back with the detailed list of tools that you've used.

As a side note, Windows scripting is painful. :)
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group