
Creating base64 encoded MD5 hash

by sandhuperl (Initiate)
on Sep 25, 2009 at 23:02 UTC

sandhuperl has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I am trying to emulate Cisco PIX's password hash creation to create pre-set firewall configurations. The Cisco PIX password hash is supposed to be an MD5 hash of the password string that is base64 encoded. A sample of the code to do this in C is here:

When I try to do this in Perl, I don't get the same result. Here's how I am trying to generate the hash in Perl:
perl -MMIME::Base64 -mDigest::MD5 -e 'print encode_base64(Digest::MD5::md5("cisco"),"\n")'

The output is

Compared to the Perl output, Cisco PIX and a couple of other utilities that emulate PIX give this output:

Can someone help me figure out why there is this difference between the two outputs?

Replies are listed 'Best First'.
Re: Creating base64 encoded MD5 hash
by almut (Canon) on Sep 26, 2009 at 00:41 UTC

    It doesn't really do base64 encoding in the usual sense, but rather only uses 24 bits of every 32 bit group of the md5 hash (thus the shorter length of the result). Also, it pads the input password with zeros (up to length 16), which produces a different md5 hash to start with.

    Anyway, here's a quick-n-dirty reimplementation of the C code in Perl:

    #!/usr/bin/perl
    use Digest::MD5;

    my $passw = "cisco";
    $passw .= "\0" x (16-length($passw)); # pad with zeros

    # 64-character alphabet used instead of the standard base64 one
    my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    sub pseudo_base64 {
        my $md5 = shift;
        my $s64 = "";
        for my $i (0..3) {
            # read 4 digest bytes as one little-endian 32-bit value
            my $v = unpack "V", substr($md5, $i*4, 4);
            # emit the low 24 bits as four 6-bit characters, lowest bits first
            for (1..4) {
                $s64 .= substr($itoa64, $v & 0x3f, 1);
                $v >>= 6;
            }
        }
        return $s64;
    }

    print pseudo_base64(Digest::MD5::md5($passw)),"\n"; # 2KFQnbNIdI.2KYOU
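
The three differences described in the reply above (zero padding, 24 of every 32 bits, a different alphabet) can be seen side by side in this added example, which is not part of the thread. The function names and the rejection of passwords longer than 16 bytes are assumptions made here.

```perl
#!/usr/bin/perl
# Added example (not from the thread): compares standard Base64(MD5) with the
# PIX-style encoding and shows which digest bytes the PIX form never encodes.
use strict;
use warnings;
use Digest::MD5 qw(md5);
use MIME::Base64 qw(encode_base64);

my $ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

# Encode a 16-byte digest the way the reply describes: per little-endian
# 32-bit group, emit the low 24 bits as four 6-bit characters.
sub pix_encode {
    my ($digest) = @_;
    die "expected a 16-byte digest\n" unless length($digest) == 16;
    my $out = "";
    for my $group (unpack "V4", $digest) {
        my $v = $group;
        for (1 .. 4) {
            $out .= substr($ITOA64, $v & 0x3f, 1);
            $v >>= 6;
        }
    }
    return $out;
}

# Zero-pad to 16 bytes, then hash. Passwords longer than 16 bytes are
# rejected here (assumption): the thread does not say how the device treats them.
sub pix_hash {
    my ($password) = @_;
    die "password longer than 16 bytes\n" if length($password) > 16;
    return pix_encode(md5($password . "\0" x (16 - length($password))));
}

my $pw = "cisco";
printf "base64(md5(pw))        : %s\n", encode_base64(md5($pw), "");
printf "base64(md5(padded pw)) : %s\n", encode_base64(md5($pw . "\0" x 11), "");
printf "PIX-style              : %s\n", pix_hash($pw);

# Bytes 3, 7, 11 and 15 are the high byte of each little-endian group, so
# changing them must leave the PIX-style string unchanged (96 bits survive).
my $digest  = md5($pw . "\0" x 11);
my $altered = $digest;
substr($altered, $_, 1) = chr(ord(substr($altered, $_, 1)) ^ 0xff) for (3, 7, 11, 15);
print "high bytes ignored     : ",
    (pix_encode($digest) eq pix_encode($altered) ? "yes" : "no"), "\n";
```

No salt enters the computation shown in the thread, so the same password always produces the same string wherever it appears in a configuration.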
Re: Creating base64 encoded MD5 hash
by merlyn (Sage) on Sep 26, 2009 at 00:41 UTC
    Well, just experimenting with the "openssl" command shows me this:
    % echo -n cisco | openssl md5 -binary | openssl base64
    3+rxA5DlYK6nRcy6U+BE7Q==
    which is the same thing you get. So somewhere, the description is not as they say. You'll have to investigate upstream.

    -- Randal L. Schwartz, Perl hacker

    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
