Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

md5_base issue

by jimbus (Friar)
on Feb 07, 2006 at 21:17 UTC ( #528636=perlquestion: print w/ replies, xml ) Need Help??
jimbus has asked for the wisdom of the Perl Monks concerning the following question:

Alright, I'm pretty sure I have a typo or s simple misunderstanding, but I can't see it at the moment and would appreciate the monks input.

I'm following Ovid's tutorial and I've been paraphrasing the code as I go along. Following his lead, but not always using the same style and have been doing well so far... that is until I reached about the 80% mark of lesson five on digesting the password file.

The issue I'm having is the digested password from the file doesn't match the one I'm generating from form data. I've included 1)the string that I'm generating on the command line and inserting into the config file, 2) The config file contents, 3) the print out from the web page which includes the password from the form, the generated digest, the digest read from the file and the salt read from the file and 4) the source code:

1) the digest created on the command line

ruth# perl -MDigest::MD5=md5_base64 -e 'print md5_base64("submij","#f% +w#$g0?")' NlAxyO72B/aVIBYf1eOBFw

2) The contents of the config file

{ salt => '#f%w#$g0?', users => '/usr/local/httpd/data/users/' }

3) the print out from the web page which includes the password from the form, the generated digest, the digest read from the file and the salt read from the file

>submij::uElfm86fvqS1TDQlO6vlPA::NlAxyO72B/aVIBYf1eOBFw::#f%w#$g0?

4) the source code

#!/usr/bin/perl use strict; use CGI::Pretty qw(:standard); use Digest::MD5 qw(md5_based64); use constant USER_DATA => '/usr/local/httpd/data/users/'; use constant ERR_MSG => 'Your username and password information did no +t match. #!/usr/bin/perl use strict; use CGI::Pretty qw(:standard); use Digest::MD5 qw(md5_based64); use constant CONF => '/usr/local/httpd/data/users/'; use constant ERR_MSG => 'Your username and password information did no +t match. Check to see that you do not have Caps Lock on, hit the back button, a +nd try again.'; my $config = do(CONFIG}' #!/usr/bin/perl use strict; use CGI::Pretty qw(:standard); use Digest::MD5 qw(md5_base64); use CGI::Carp qw(fatalsToBrowser); use constant CONF => '/usr/local/httpd/data/users/'; use constant ERR_MSG => 'Your username and password information did no +t match. Check to see that you do not have Caps Lock on, hit the back button, a +nd try aga in.'; my $config = do(CONF); my $_username = param( 'username' ) || ''; my $_password = param( 'password' ) || ''; my $_remember = param( 'remember' ) || ''; my ($username) = ($_username =~ /(\w+)/); my ($password) = ($_password =~ /(\w+)/); my ($remember) = ($_remember =~ /(\w+)/); use CGI::Carp qw(fatalsToBrowser); use constant CONF => '/usr/local/httpd/data/users/'; use constant ERR_MSG => 'Your username and password information did no +t match. Check to see that you do not have Caps Lock on, hit the back button, a +nd try aga in.'; my $config = do(CONF); my $_username = param( 'username' ) || ''; #!/usr/bin/perl use strict; use CGI::Pretty qw(:standard); use Digest::MD5 qw(md5_base64); use CGI::Carp qw(fatalsToBrowser); use constant CONF => '/usr/local/httpd/data/conf/test.conf'; use constant ERR_MSG => 'Your username and password information did no +t match. Check to see that you do not have Caps Lock on, hit the back button, a +nd try aga in.'; my $config = do(CONF); my $_username = param( 'username' ) || ''; my $_password = param( 'password' ) || ''; my $_remember = param( 'remember' ) || ''; my ($username) = ($_username =~ /(\w+)/); my ($password) = ($_password =~ /(\w+)/); my ($remember) = ($_remember =~ /(\w+)/); # the rest of the program goes here. my $userfile = $config->{ users } . $username; my $message = ERR_MSG; $message = $config->{users} . $username; open (USER, "< $userfile") or display_page($userfile . $username), exi +t; chomp (my ( $real_password, $sessionID, $remember) = <USER>); close USER; my $digest = md5_base64($password,$config->{salt}); if ($digest eq $real_password) { $message = "Hello, $username. You gave me a good password"; } display_page('>'.$password . '::' .$digest. '::'.$real_password . '::' + .$config- >{salt}); exit; sub display_page { my $message = shift; print header, start_html, p($message). end_html; }

>submij::uElfm86fvqS1TDQlO6vlPA::NlAxyO72B/aVIBYf1eOBFw::#f%w#$g0?

UPDATE: olus is apparently correct, I came up with a bad seed... that is the $g0 subset its undef and was dropping out causing me to have different salts, with out knowing it. Changing the salt fixed the issue. Hopefully, some monkey somewhere has written Shakespear :)

Thanks to all for your input!


--Jimbus aka Jim Babcock
Wireless Data Engineer and Geek Wannabe
jim-dot-babcock-at-usa-dot-com

Edit: g0n - readmore tags

Comment on md5_base issue
Select or Download Code
Re: md5_base issue
by GrandFather (Cardinal) on Feb 07, 2006 at 21:37 UTC

    I see no mismatched digest there. There are three instances of NlAxyO72B/aVIBYf1eOBFw in your post - should one of them be different? Where's the problem?


    DWIM is Perl's answer to Gödel

      $digest and $real_password don't match and they should.

      3) shows the password from the form, the script generated digest ($digest), the digest read from the config ($real_password) and the salt read from the config.

      2) shows I'm, using using the same password and salt when I generate the digest for the config file on the command line.

      As far as I can see the second and third fields of 3) should match and they don't... thats the problem :)


      --Jimbus aka Jim Babcock
      Wireless Data Engineer and Geek Wannabe
      jim-dot-babcock-at-usa-dot-com
Re: md5_base issue
by zentara (Archbishop) on Feb 07, 2006 at 22:24 UTC
    I will say that when Crypt acts funny, it often is because one of your values has a superfluous newline. Try printing out all your values, and see if they have \n or \r\n appended. You can use chomp to clean them up. The newlines are invisible to the eye, but md5sum requires exactness.

    I'm not really a human, but I play one on earth. flash japh
Re: md5_base issue
by olus (Curate) on Feb 07, 2006 at 22:36 UTC
    Your seed is
    #f%w#$g0?
    When you generated your md5 the seed was actually
    #f%w#?
    as $g0 is undef
    So, the awfull truth is you are using different seeds (c:

    --
    olus

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://528636]
Approved by GrandFather
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (4)
As of 2014-11-29 10:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (204 votes), past polls