Encrypt passwords

Wichert Akkerman wichert at wiggy.net
Fri Aug 7 07:02:01 UTC 2009 

This should be about right, although it seems to go wrong still with 
passwords over 16 characters in a way that I have not figured out yet:

def ObfuscatePassword(challenge, password):
     xorpad=challenge.decode("hex")
     assert len(xorpad)==16
     uamsecret=pylons.config.get("chilli.uamsecret", None)
     if uamsecret:
         xorpad=hashlib.md5(xorpad+uamsecret).digest()

     while len(xorpad)<len(password):
         xorpad+=xorpad
     # NUL-pad the password to make it a multiple of the XOR-pad size
     password+="\x00"*(len(xorpad)-len(password))

     assert len(password)==len(xorpad)

     result=[]
     for i in range(len(password)):
         result.append(chr(ord(password[i]) ^ ord(xorpad[i])))
     result="".join(result)
     return result.encode("hex")



On 2009-8-7 05:46, Timothy White wrote:
> There was a PHP example included with Chilli at one stage that had the
> right "hashing"
>
> Have a poke around for that, it's probably on the net too.
>
> Tim
>
> On Fri, Aug 7, 2009 at 4:53 AM, IanC<ian.coffey at gmail.com>  wrote:
>> Hello all,
>>
>> Ive finished rewriting my captive portal logic in Python, and its
>> working wonderfully, except one big detail. Im having trouble properly
>> binary encrypting the uamsecret and password together to send to the
>> Chilli daemon for logins. I think Im close but I have im unsure what
>> format Chilli is actually expecting the password to be passed in so it
>> can properly encrypt it against the uamsecret.
>>
>> Could anyone point me to some docs (or explain) what format the Chilli
>> daemon is is expecting to get the password in so I can properly write
>> this?
>>
>> Id be very grateful.
>>
>> Thanks!
>>
>> Ian
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
>> For additional commands, e-mail: chilli-help at coova.org
>> Wiki: http://coova.org/wiki/index.php/CoovaChilli
>> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>


-- 
Wichert Akkerman <wichert at wiggy.net>   It is simple to make things.
http://www.wiggy.net/                  It is hard to make things simple.

More information about the Chilli mailing list