Joined: 18 Aug 2009
|Posted: Tue Aug 18, 2009 6:45 pm Post subject: Option to use salted htuser files
I've been using Joomla to sign up users to my radio station, and prior to one of the latest updates, the passwords were stored in plain md5. This is perfect for creating a .htuser file from, since that's what IceCast uses.
However, since this update, the passwords have been generated with a salt, therefore breaking my code. As far as I can tell, the only way I can get round this is modification of the IceCast source.
Unfortunately, I don't know as much C as I'd like to, I'm primarily a C# and PHP developer.
I've written a function in C# that performs the necessary actions on the salted password, and was wondering if perhaps somebody would help me out by converting it to C and making it an option in the icecast.xml file to use salted md5 .htuser files?
/// Passwords are stored in the following format:
/// string randomSalt = GenerateRandomSalt(length);
/// string crypt = md5(password + randomSalt);
/// string finalString = crypt + ":" + randomSalt;
/// Therefore, we need to take the finalString for the correct username and feed it into this function.
/// <param name="htUserRow">The string next to the username in an .htuser file</param>
/// <param name="enteredPass">The password entered by the user</param>
/// <returns>True or False if the password matches the stored one for that username or not, respectively</returns>
static bool MatchSaltedPass(string htUserRow, string enteredPass)
MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
//Find the index of the colon
int splitIndex = htUserRow.IndexOf(':');
//Split the string up into the crypt and the salt
string crypt = htUserRow.Substring(0, splitIndex);
string salt = htUserRow.Substring(splitIndex + 1);
//Concatenate the entered password and the salt and get the ASCII bytes for the resulting string
byte inputSalted = Encoding.ASCII.GetBytes(enteredPass + salt);
//Compute the md5 hash
inputSalted = md5.ComputeHash(inputSalted);
//Convert each character to hex and append it to a new string
string inputSaltedMd5 = string.Empty;
for (int i = 0; i < inputSalted.Length; i++)
inputSaltedMd5 += inputSalted[i].ToString("x2").ToLower();
//If the encrypted entered password matches the stored one, return true, else return false
return (inputSaltedMd5 == crypt);
The other problem is, I'm actually in the process of moving my station over to a Windows server, so I'd need a Win32 build made as well.
Perhaps I'm asking too much, in which case I'm sorry and I'd like to help in any way I can.