1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
[manpage_begin md5crypt n 1.1.0]
[moddesc {MD5-based password encryption}]
[copyright {2003, Pat Thoyts <patthoyts@users.sourceforge.net>}]
[titledesc {MD5-based password encryption}]
[category {Hashes, checksums, and encryption}]
[require Tcl 8.2]
[require md5 2.0]
[require md5crypt [opt 1.1.0]]
[description]
[para]
This package provides an implementation of the MD5-crypt password
encryption algorithm as pioneered by FreeBSD and currently in use as a
replacement for the unix crypt(3) function in many modern
systems. An implementation of the closely related Apache MD5-crypt is
also available.
The output of these commands are compatible with the BSD and OpenSSL
implementation of md5crypt and the Apache 2 htpasswd program.
[section {COMMANDS}]
[list_begin definitions]
[call [cmd "::md5crypt::md5crypt"] \
[arg "password"] \
[arg "salt"]]
Generate a BSD compatible md5-encoded password hash from the plaintext
password and a random salt (see SALT).
[call [cmd "::md5crypt::aprcrypt"] \
[arg "password"] \
[arg "salt"]]
Generate an Apache compatible md5-encoded password hash from the plaintext
password and a random salt (see SALT).
[call [cmd "::md5crypt::salt"] [opt [arg "length"]]]
Generate a random salt string suitable for use with the [cmd md5crypt] and
[cmd aprcrypt] commands.
[list_end]
[section {SALT}]
The salt passed to either of the encryption schemes implemented here
is checked to see if it begins with the encryption scheme magic string
(either "$1$" for MD5-crypt or "$apr1$" for Apache crypt). If so, this
is removed. The remaining characters up to the next $ and up to a
maximum of 8 characters are then used as the salt. The salt text
should probably be restricted the set of ASCII alphanumeric characters
plus "./" (dot and forward-slash) - this is to preserve maximum
compatability with the unix password file format.
[para]
If a password is being generated rather than checked from a password
file then the [cmd salt] command may be used to generate a random salt.
[section {EXAMPLES}]
[example {
% md5crypt::md5crypt password 01234567
$1$01234567$b5lh2mHyD2PdJjFfALlEz1
}]
[example {
% md5crypt::aprcrypt password 01234567
$apr1$01234567$IXBaQywhAhc0d75ZbaSDp/
}]
[example {
% md5crypt::md5crypt password [md5crypt::salt]
$1$dFmvyRmO$T.V3OmzqeEf3hqJp2WFcb.
}]
[section {BUGS, IDEAS, FEEDBACK}]
This document, and the package it describes, will undoubtedly contain
bugs and other problems.
Please report such in the category [emph md5crypt] of the
[uri {http://sourceforge.net/tracker/?group_id=12883} {Tcllib SF Trackers}].
Please also report any ideas for enhancements you may have for either
package and/or documentation.
[see_also md5]
[keywords md5crypt md5 hashing message-digest security]
[manpage_end]
|
