NAME¶
md5crypt - MD5-based password encryption
SYNOPSIS¶
package require
Tcl 8.2
package require
md5 2.0
package require
md5crypt ?1.1.0?
::md5crypt::md5crypt password salt
::md5crypt::aprcrypt password salt
::md5crypt::salt ?
length?
DESCRIPTION¶
This package provides an implementation of the MD5-crypt password encryption
algorithm as pioneered by FreeBSD and currently in use as a replacement for
the unix
crypt(3) function in many modern systems. An implementation of the
closely related Apache MD5-crypt is also available. The output of these
commands are compatible with the BSD and OpenSSL implementation of md5crypt
and the Apache 2 htpasswd program.
COMMANDS¶
- ::md5crypt::md5crypt password salt
- Generate a BSD compatible md5-encoded password hash from the plaintext
password and a random salt (see SALT).
- ::md5crypt::aprcrypt password salt
- Generate an Apache compatible md5-encoded password hash from the plaintext
password and a random salt (see SALT).
- ::md5crypt::salt ?length?
- Generate a random salt string suitable for use with the md5crypt
and aprcrypt commands.
SALT¶
The salt passed to either of the encryption schemes implemented here is checked
to see if it begins with the encryption scheme magic string (either
"$1$" for MD5-crypt or "$apr1$" for Apache crypt). If so,
this is removed. The remaining characters up to the next $ and up to a maximum
of 8 characters are then used as the salt. The salt text should probably be
restricted the set of ASCII alphanumeric characters plus "./" (dot
and forward-slash) - this is to preserve maximum compatability with the unix
password file format.
If a password is being generated rather than checked from a password file then
the
salt command may be used to generate a random salt.
EXAMPLES¶
% md5crypt::md5crypt password 01234567
$1$01234567$b5lh2mHyD2PdJjFfALlEz1
% md5crypt::aprcrypt password 01234567
$apr1$01234567$IXBaQywhAhc0d75ZbaSDp/
% md5crypt::md5crypt password [md5crypt::salt]
$1$dFmvyRmO$T.V3OmzqeEf3hqJp2WFcb.
BUGS, IDEAS, FEEDBACK¶
This document, and the package it describes, will undoubtedly contain bugs and
other problems. Please report such in the category
md5crypt of the
Tcllib Trackers [
http://core.tcl.tk/tcllib/reportlist]. Please also
report any ideas for enhancements you may have for either package and/or
documentation.
SEE ALSO¶
md5
KEYWORDS¶
hashing, md5, md5crypt, message-digest, security
CATEGORY¶
Hashes, checksums, and encryption
COPYRIGHT¶
Copyright (c) 2003, Pat Thoyts <patthoyts@users.sourceforge.net>