Blowfish encryption

[Matta]

Hi,
I'm creating a webpage and would like to use the eggdrop userfile as the authentication database.
I'm using PHP and the mcrypt library (which supports blowfish) to check if a password is correct. To use it, I'd need to know what salt eggdrop uses. Anyone got an idea of how it's created, how does eggdrop verify passwords?

Thanks in advance.

<font size=-1>[ This Message was edited by: Matta on 2002-02-09 18:58 ]</font>

[Wcc]

The salts are defined in src/mod/blowfish/blowfish.c. It's easy to spot .

[goldangel]

well I'm quite interested in this discussion. I'm wondering how I can get a php script output an encrypted password an eggdrop could "understand". I can't get how mcrypt can output that, can anybody help me on that point ?

[goldangel]

nevermind, as I couldn't make that mcrypt stuff work, I did a C programm that take a password in argument and returned it encrypted the eggdrop way (blowfish), this solves the problems I had. It may solve yours too Matta.

[Matta]

Thanks for the idea. I'll try that method.

[Dakota]

I'm interested more in what key uses encpass for encryption, cause there's a way to crypt the pass, but how's generated the cipher?

[goldangel]

I assume there is actually no key used by the encpass fonction. It seems to be a one way algorithm, you can encrypt a password but (happily !) can't decrypt a password. Why would you want to do that anyway ? If you want to check if a password is correct, just compare the encrypted version of it with the encrypted version in the user file.

[Dakota]

Yeah,
there's the passwdok proc for that.

The idea is to generate the password with php or perl for example.

[Variant]

Hey guys, in case anyone's interested.... I had written a Python SWIG module to do this a while back using an "eggpass.c" I stumbled across on the mailing list. For some reason, when I upgraded to Slackware 8.1, it stopped working correctly for me and was spitting out garbage (or nothing at all). In the process of trying to figure out why, I came across this thread and then decided to just look at mod/blowfish.mod/blowfish.c myself and try and port it. It didn't take loo long and appears to be working like a champ now with my SWIG module. Here's the URL:

http://www.bludgeon.org/~rayvd/source/pyEggUtils/

If you grab eggpass.c, you can use it all by itself to generate eggdrop passwords. Or grab the whole tarball if you're familiar with Python!

Comments? I'm thinking of doing a mod_auth_eggdrop for Apache, and/or doing a PHP port of this.

[qwert]

yes please make a php port of it

if not, I don't know C and cant figure out how to get the egg's 2 salts to work with php's crypt() function, any ideas?

[PoTa]

hi

i'm pleased find your .c, i was looking for it for a week now.. my prob wuz the same, have the mysql db with user passwds and have to encrypt what user typed in to match.. i also tried to modify blowfish.c, but still too dumb to get that work, so thanks, works perfectly, i just optimize it for my needs (only encryption ::))) so thanks again PoTa

[KnoXvILLe]

i have i little question here,the blowfish module in the eggdrop.for what is the blowfish module?

[KrzychuG]

i have i little question here,the blowfish module in the eggdrop.for what is the blowfish module?

Password encryption as default. You may also use it to encrypt other data, for example encrypted botnet comunication in tcl etc.

[KnoXvILLe]

thanks for explaining

[makam]

It didn't take loo long and appears to be working like a champ now with my SWIG module. Here's the URL:

http://www.bludgeon.org/~rayvd/source/pyEggUtils/

If you grab eggpass.c, you can use it all by itself to generate eggdrop passwords. Or grab the whole tarball if you're familiar with Python!

Error 404 ?
Wrong link?


Thx.