Icecast Streaming Media Server Forum Index Icecast Streaming Media Server
Icecast is a Xiph Foundation Project
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Option to use salted htuser files

 
Post new topic   Reply to topic    Icecast Streaming Media Server Forum Index -> Feature Requests
View previous topic :: View next topic  
Author Message
Flyte



Joined: 18 Aug 2009
Posts: 1

PostPosted: Tue Aug 18, 2009 6:45 pm    Post subject: Option to use salted htuser files Reply with quote

Hi,

I've been using Joomla to sign up users to my radio station, and prior to one of the latest updates, the passwords were stored in plain md5. This is perfect for creating a .htuser file from, since that's what IceCast uses.

However, since this update, the passwords have been generated with a salt, therefore breaking my code. As far as I can tell, the only way I can get round this is modification of the IceCast source.

Unfortunately, I don't know as much C as I'd like to, I'm primarily a C# and PHP developer.

I've written a function in C# that performs the necessary actions on the salted password, and was wondering if perhaps somebody would help me out by converting it to C and making it an option in the icecast.xml file to use salted md5 .htuser files?

Code:
/// <summary>
/// Passwords are stored in the following format:
///
/// string randomSalt = GenerateRandomSalt(length);
/// string crypt = md5(password + randomSalt);
/// string finalString = crypt + ":" + randomSalt;
///
/// Therefore, we need to take the finalString for the correct username and feed it into this function.
/// </summary>
/// <param name="htUserRow">The string next to the username in an .htuser file</param>
/// <param name="enteredPass">The password entered by the user</param>
/// <returns>True or False if the password matches the stored one for that username or not, respectively</returns>

static bool MatchSaltedPass(string htUserRow, string enteredPass)
{
    MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();

    //Find the index of the colon
    int splitIndex = htUserRow.IndexOf(':');

    //Split the string up into the crypt and the salt
    string crypt = htUserRow.Substring(0, splitIndex);
    string salt = htUserRow.Substring(splitIndex + 1);

    //Concatenate the entered password and the salt and get the ASCII bytes for the resulting string
    byte[] inputSalted = Encoding.ASCII.GetBytes(enteredPass + salt);

    //Compute the md5 hash
    inputSalted = md5.ComputeHash(inputSalted);

    //Convert each character to hex and append it to a new string
    string inputSaltedMd5 = string.Empty;
    for (int i = 0; i < inputSalted.Length; i++)
        inputSaltedMd5 += inputSalted[i].ToString("x2").ToLower();

    //If the encrypted entered password matches the stored one, return true, else return false
    return (inputSaltedMd5 == crypt);
}


The other problem is, I'm actually in the process of moving my station over to a Windows server, so I'd need a Win32 build made as well.

Perhaps I'm asking too much, in which case I'm sorry and I'd like to help in any way I can.

Cheers Smile
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Icecast Streaming Media Server Forum Index -> Feature Requests All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group
subRebel style by ktauber