Announcement

Collapse
No announcement yet.

CRYPT

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    CRYPT



    Hello miva-users,

    I need to do some password stuff. Can't seem to figure out how the CRYPT command works. I seem to
    missing something with what it actually does. Maybe some sample code
    that explains it. Miva docs aren't that clear to me. Also, is there a
    De-CRYPT command?

    --
    Best regards,
    Scott
    IDS mailto:[email protected]



    #2
    CRYPT



    I would recommend reading the fine manual again and carefully :)
    Although people often complain it is not good, I am of a quite the opposite
    opinion - it contains all necessary; all you need is reading it carefully.
    At the CRYPT operant it tells:
    (i.e. at http://miva.com/docs/ScriptMan_html/...rs.html#472233)

    "plaintext CRYPT key Performs a one-way encryption, similar to that provided
    with the UNIX crypt command. The string plaintext is encrypted using the
    string key (this string is sometimes called a 'salt'). key can be any two
    characters (extra characters will be ignored). Only the first eight
    characters of plaintext will be used in the encryption. key is used as the
    first two characters of the encrypted value. CRYPT always yields the same
    result when applied to a particular plaintext and key."

    As explained it is actually not an encryption function, but rather an
    asymmetric hash function, whose only purpose is exactly the opposite of what
    you are looking for - the result MUST NOT be decryptable. For symmetric
    encryption you will need to use encryption functions described in the
    built-in function section at
    <A HREF ="http://www.miva.com/docs/ScriptGuide_html/ScriptGuide.html#497338 (compiled">http://www.miva.com/docs/ScriptGuide...de.html#497338 (compiled</A>
    Miva Script v4 only). If you need some examples of use, then you can review
    Miva Merchant source code.

    For uncompiled script, you would need external symmetric encryption (there
    are some article and links on my website)

    Ivo Truxa

    | http://miva.truxoft.com
    | Advanced Miva Merchant modules




    -----Original Message-----
    From: IDS


    Hello miva-users,

    I need to do some password stuff. Can't seem to figure out how the CRYPT
    command works. I seem to
    missing something with what it actually does. Maybe some sample code
    that explains it. Miva docs aren't that clear to me. Also, is there a
    De-CRYPT command?

    --
    Best regards,
    Scott
    IDS mailto:[email protected]



    Comment


      #3
      Re[2]: CRYPT




      Never said the manual isn't good. I said the explanation wasn't
      "clear" to me. I see no example of how to use the command for syntax
      purposes. I really didn't grow up on UNIX based OS so I wouldn't know
      from that point of view either.

      What I do understand is that, with no de-crypt, and only one-way, that
      means my string, that is being evaluated, that is already 'CRYPT'ED,
      is going to be compared to some input value. For instance:

      g.password EQ user.d.password

      g.password is plain text and user.d.password has been stored as CRYPT,
      the comparison will fail. How do I CRYPT the user input, g.password,
      so that it will compare properly so I get the appropriate pass/fail?
      What is the syntax?

      Also, further, I am working on an independent application that uses MM admin
      users db (will read other dbs as well). I eventually will need to read the user names and passwords
      as an admin in MM.

      Thanks,

      Scott
      IDS



      Monday, January 10, 2005, 3:17:41 AM, you wrote:

      IT> I would recommend reading the fine manual again and carefully :)
      IT> Although people often complain it is not good, I am of a quite the opposite
      IT> opinion - it contains all necessary; all you need is reading it carefully.
      IT> At the CRYPT operant it tells:
      IT> (i.e. at http://miva.com/docs/ScriptMan_html/...rs.html#472233)

      IT> "plaintext CRYPT key Performs a one-way encryption, similar to that provided
      IT> with the UNIX crypt command. The string plaintext is encrypted using the
      IT> string key (this string is sometimes called a 'salt'). key can be any two
      IT> characters (extra characters will be ignored). Only the first eight
      IT> characters of plaintext will be used in the encryption. key is used as the
      IT> first two characters of the encrypted value. CRYPT always yields the same
      IT> result when applied to a particular plaintext and key."

      IT> As explained it is actually not an encryption function, but rather an
      IT> asymmetric hash function, whose only purpose is exactly the opposite of what
      IT> you are looking for - the result MUST NOT be decryptable. For symmetric
      IT> encryption you will need to use encryption functions described in the
      IT> built-in function section at
      IT> <A HREF ="http://www.miva.com/docs/ScriptGuide_html/ScriptGuide.html#497338 (compiled">http://www.miva.com/docs/ScriptGuide...de.html#497338 (compiled</A>
      IT> Miva Script v4 only). If you need some examples of use, then you can review
      IT> Miva Merchant source code.

      IT> For uncompiled script, you would need external symmetric encryption (there
      IT> are some article and links on my website)

      IT> Ivo Truxa

      IT> | http://miva.truxoft.com
      IT> | Advanced Miva Merchant modules




      IT> -----Original Message-----
      IT> From: IDS


      IT> Hello miva-users,

      IT> I need to do some password stuff. Can't seem to figure out how the CRYPT
      IT> command works. I seem to
      IT> missing something with what it actually does. Maybe some sample code
      IT> that explains it. Miva docs aren't that clear to me. Also, is there a
      IT> De-CRYPT command?




      --
      Best regards,
      IDS mailto:[email protected]


      Comment


        #4
        Re[2]: CRYPT



        If you are comparing two strings, then they have to be both hashed
        (CRYPT-ed) in the very same way, of course. Use the same syntax on both
        parts.

        As for examples and the way MM admin handles passwords, you really best open
        the source code and search for the string 'CRYPT'.

        Ivo Truxa

        | http://miva.truxoft.com
        | Advanced Miva Merchant modules



        -----Original Message-----
        From: IDS


        Never said the manual isn't good. I said the explanation wasn't
        "clear" to me. I see no example of how to use the command for syntax
        purposes. I really didn't grow up on UNIX based OS so I wouldn't know
        from that point of view either.

        What I do understand is that, with no de-crypt, and only one-way, that
        means my string, that is being evaluated, that is already 'CRYPT'ED,
        is going to be compared to some input value. For instance:

        g.password EQ user.d.password

        g.password is plain text and user.d.password has been stored as CRYPT,
        the comparison will fail. How do I CRYPT the user input, g.password,
        so that it will compare properly so I get the appropriate pass/fail?
        What is the syntax?

        Also, further, I am working on an independent application that uses MM admin
        users db (will read other dbs as well). I eventually will need to read the
        user names and passwords
        as an admin in MM.

        Thanks,

        Scott
        IDS



        Monday, January 10, 2005, 3:17:41 AM, you wrote:

        IT> I would recommend reading the fine manual again and carefully :)
        IT> Although people often complain it is not good, I am of a quite the
        opposite
        IT> opinion - it contains all necessary; all you need is reading it
        carefully.
        IT> At the CRYPT operant it tells:
        IT> (i.e. at http://miva.com/docs/ScriptMan_html/...rs.html#472233)

        IT> "plaintext CRYPT key Performs a one-way encryption, similar to that
        provided
        IT> with the UNIX crypt command. The string plaintext is encrypted using the
        IT> string key (this string is sometimes called a 'salt'). key can be any
        two
        IT> characters (extra characters will be ignored). Only the first eight
        IT> characters of plaintext will be used in the encryption. key is used as
        the
        IT> first two characters of the encrypted value. CRYPT always yields the
        same
        IT> result when applied to a particular plaintext and key."

        IT> As explained it is actually not an encryption function, but rather an
        IT> asymmetric hash function, whose only purpose is exactly the opposite of
        what
        IT> you are looking for - the result MUST NOT be decryptable. For symmetric
        IT> encryption you will need to use encryption functions described in the
        IT> built-in function section at
        IT> <A HREF ="http://www.miva.com/docs/ScriptGuide_html/ScriptGuide.html#497338">http://www.miva.com/docs/ScriptGuide_html/ScriptGuide.html#497338</A>
        (compiled
        IT> Miva Script v4 only). If you need some examples of use, then you can
        review
        IT> Miva Merchant source code.

        IT> For uncompiled script, you would need external symmetric encryption
        (there
        IT> are some article and links on my website)

        IT> Ivo Truxa

        IT> | http://miva.truxoft.com
        IT> | Advanced Miva Merchant modules




        IT> -----Original Message-----
        IT> From: IDS


        IT> Hello miva-users,

        IT> I need to do some password stuff. Can't seem to figure out how the CRYPT
        IT> command works. I seem to
        IT> missing something with what it actually does. Maybe some sample code
        IT> that explains it. Miva docs aren't that clear to me. Also, is there a
        IT> De-CRYPT command?





        Comment


          #5
          Re[2]: CRYPT



          On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave utterance
          to the following:

          >
          > Never said the manual isn't good. I said the explanation wasn't
          > "clear" to me. I see no example of how to use the command for syntax
          > purposes. I really didn't grow up on UNIX based OS so I wouldn't know
          > from that point of view either.
          >
          > What I do understand is that, with no de-crypt, and only one-way, that
          > means my string, that is being evaluated, that is already 'CRYPT'ED,
          > is going to be compared to some input value. For instance:
          >
          You simply encrypt the value to be tested using the same salt (which can
          be found as the first two characters of the stored encrypted value)

          <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
          substring(user.d.password,1,2)}"
          <MvIF EXPR="{g.testpass EQ user.d.password}">

          These days I use Ivo's MD5 algorithm, which is considerably stronger than
          CRYPT and removes all restrictions on password length and characters.
          --
          Richard Grevers
          Between two evils always pick the one you haven't tried



          Comment


            #6
            Re[4]: CRYPT



            Thanks, got it working now. I needed the correct syntax -- of course.
            :-)

            The docs really needs examples. Richard's email helped clarify which
            var was the source and what the result would/should be. I was able to
            recreate some test code that verified the results.

            Regards,

            Scott
            IDS

            Monday, January 10, 2005, 11:45:52 AM, you wrote:

            RG> On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave utterance
            RG> to the following:

            >>
            >> Never said the manual isn't good. I said the explanation wasn't
            >> "clear" to me. I see no example of how to use the command for syntax
            >> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
            >> from that point of view either.
            >>
            >> What I do understand is that, with no de-crypt, and only one-way, that
            >> means my string, that is being evaluated, that is already 'CRYPT'ED,
            >> is going to be compared to some input value. For instance:
            >>
            RG> You simply encrypt the value to be tested using the same salt (which can
            RG> be found as the first two characters of the stored encrypted value)

            RG> <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
            RG> substring(user.d.password,1,2)}"
            RG> <MvIF EXPR="{g.testpass EQ user.d.password}">

            RG> These days I use Ivo's MD5 algorithm, which is considerably stronger than
            RG> CRYPT and removes all restrictions on password length and characters.



            --
            Best regards,
            IDS mailto:[email protected]


            Comment


              #7
              Re[4]: CRYPT



              From: IDS
              > The docs really needs examples.

              In fact, Miva delivers several megabytes of examples in their Miva Merchant
              code. There are, of course, also other numerous applications, both from Miva
              or from 3rd parties available.

              I actually did not post the sample syntax quite deliberately, and pointed to
              the source code instead. I find that young or inexperienced developers are
              helped much better when they learn how to work alone, then when they get
              used screaming for help at each trivial problem and waiting for a good soul
              willing to do the work of hitting the F3 key in the source code and copying
              and pasting the snippet to them. Although you usually get the answer from
              the list within hours or even minutes, if you learn working independently
              and check available sources (documentation, source code, Google), you will
              usually find it much quicker. Additionally you will remember the solution
              much better, and will be able to solve more difficult tasks easier next
              time.

              I do not tell it to discourage people from posting - in fact, we old
              residents are thankful for any post on this semi-dead list (as long as it
              does not ask how to unsubscribe - that's being forwarded to Crazy Tony). I
              really told it because I think that if a new developer wants to become a
              good programmer, first of all he needs to learn working and thinking
              independently, and rather challenging the community with more complex
              problems.

              Ivo
              http://mivo.truxoft.com





              -----Original Message-----
              From: IDS

              Thanks, got it working now. I needed the correct syntax -- of course.
              :-)

              The docs really needs examples. Richard's email helped clarify which
              var was the source and what the result would/should be. I was able to
              recreate some test code that verified the results.

              Regards,

              Scott
              IDS

              Monday, January 10, 2005, 11:45:52 AM, you wrote:

              RG> On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave utterance

              RG> to the following:

              >>
              >> Never said the manual isn't good. I said the explanation wasn't
              >> "clear" to me. I see no example of how to use the command for syntax
              >> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
              >> from that point of view either.
              >>
              >> What I do understand is that, with no de-crypt, and only one-way, that
              >> means my string, that is being evaluated, that is already 'CRYPT'ED,
              >> is going to be compared to some input value. For instance:
              >>
              RG> You simply encrypt the value to be tested using the same salt (which can

              RG> be found as the first two characters of the stored encrypted value)

              RG> <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
              RG> substring(user.d.password,1,2)}"
              RG> <MvIF EXPR="{g.testpass EQ user.d.password}">

              RG> These days I use Ivo's MD5 algorithm, which is considerably stronger
              than
              RG> CRYPT and removes all restrictions on password length and characters.


              Comment


                #8
                Re[6]: CRYPT



                Hello Ivo,

                You've assumed way too much. We don't get too many newbies on here.
                You actually wasted a little of my time. That's OK!
                because, I agree with about much of what you say and appreciate your
                effort. But I had already spent much
                time looking/sifting through MM code, writing and testing some code, before even thinking about
                posting. I rarely post with questions. Hence, you believe me to be a
                new developer. In my 5+ years writing miva script, I haven't needed to deal
                with this subject -- and I'm sure I'll find many other subjects in the future
                too.

                BTW: MM is not always the best example of good programming practices and
                you have once said, the programming of MM is quite verbose. At least I
                think it was you. If the docs about CRYPT were
                clear to me, I obviously would not have posted.

                Further, Good programming documentation will always have valid
                examples to show all the characteristics of that
                function/modifier/etc. This command is probably a modifier or
                something ... What var went where was not obvious for some
                reason...maybe I needed some more caffiene. I did however need some
                clarification as what was being done to who (whom?). The examples I
                received helped me troubleshoot my test code I was using to verify.
                Simple as that.

                Regards,

                Scott
                IDS



                Monday, January 10, 2005, 2:12:36 PM, you wrote:

                IT> From: IDS
                >> The docs really needs examples.

                IT> In fact, Miva delivers several megabytes of examples in their Miva Merchant
                IT> code. There are, of course, also other numerous applications, both from Miva
                IT> or from 3rd parties available.

                IT> I actually did not post the sample syntax quite deliberately, and pointed to
                IT> the source code instead. I find that young or inexperienced developers are
                IT> helped much better when they learn how to work alone, then when they get
                IT> used screaming for help at each trivial problem and waiting for a good soul
                IT> willing to do the work of hitting the F3 key in the source code and copying
                IT> and pasting the snippet to them. Although you usually get the answer from
                IT> the list within hours or even minutes, if you learn working independently
                IT> and check available sources (documentation, source code, Google), you will
                IT> usually find it much quicker. Additionally you will remember the solution
                IT> much better, and will be able to solve more difficult tasks easier next
                IT> time.

                IT> I do not tell it to discourage people from posting - in fact, we old
                IT> residents are thankful for any post on this semi-dead list (as long as it
                IT> does not ask how to unsubscribe - that's being forwarded to Crazy Tony). I
                IT> really told it because I think that if a new developer wants to become a
                IT> good programmer, first of all he needs to learn working and thinking
                IT> independently, and rather challenging the community with more complex
                IT> problems.

                IT> Ivo
                IT> http://mivo.truxoft.com





                IT> -----Original Message-----
                IT> From: IDS

                IT> Thanks, got it working now. I needed the correct syntax -- of course.
                IT> :-)

                IT> The docs really needs examples. Richard's email helped clarify which
                IT> var was the source and what the result would/should be. I was able to
                IT> recreate some test code that verified the results.

                IT> Regards,

                IT> Scott
                IT> IDS

                IT> Monday, January 10, 2005, 11:45:52 AM, you wrote:

                RG>> On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave utterance

                RG>> to the following:

                >>>
                >>> Never said the manual isn't good. I said the explanation wasn't
                >>> "clear" to me. I see no example of how to use the command for syntax
                >>> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
                >>> from that point of view either.
                >>>
                >>> What I do understand is that, with no de-crypt, and only one-way, that
                >>> means my string, that is being evaluated, that is already 'CRYPT'ED,
                >>> is going to be compared to some input value. For instance:
                >>>
                RG>> You simply encrypt the value to be tested using the same salt (which can

                RG>> be found as the first two characters of the stored encrypted value)

                RG>> <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
                RG>> substring(user.d.password,1,2)}"
                RG>> <MvIF EXPR="{g.testpass EQ user.d.password}">

                RG>> These days I use Ivo's MD5 algorithm, which is considerably stronger
                IT> than
                RG>> CRYPT and removes all restrictions on password length and characters.


                Comment


                  #9
                  CRYPT



                  > This command is probably a modifier or

                  Yes, it is an operator, and as most other operators (except of NOT), it has
                  two operands. The simplest example of use is in fact already directly in the
                  first line of the operator description in the documentation, just like at
                  the other operators above it:

                  plaintext CRYPT key


                  > something ... What var went where was not obvious for some
                  > reason...maybe I needed some more caffiene. I did however
                  > need some clarification as what was being done to who (whom?)

                  Yes, Scott, I understand. Please do not be mistaken or offended; I did not
                  mind at all that you posted the question. I am just telling that if you've
                  hit the search key over Merchant sources (that you certainly use daily), you
                  would have seen the same (or very similar) example in 20 seconds. But for
                  some reason you preferred waiting few hours till someone copies and pasts
                  the code to you. And that was exactly the point - there is no problem in
                  asking, and we are all happy to help here, but I find important to point the
                  developer to the right place so he can figure out the problem alone, and
                  learn finding solutions independently better, than doing the homework for
                  him.

                  You are right that I told that Merchant code is quite (over)verbose.
                  Although it is not very good for the performance, in contrary it (in most
                  cases) simplifies the understanding of the code considerably (at least as
                  for such simple syntax questions goes).

                  And yes, I know that you developed and sell some fine Miva Merchant modules,
                  so please excuse if I wasted your time (as you wrote) with my mentoring :)

                  Ivo
                  http://mivo.truxoft.com



                  -----Original Message-----
                  From: IDS

                  Hello Ivo,

                  You've assumed way too much. We don't get too many newbies on here.
                  You actually wasted a little of my time. That's OK!
                  because, I agree with about much of what you say and appreciate your
                  effort. But I had already spent much
                  time looking/sifting through MM code, writing and testing some code, before
                  even thinking about
                  posting. I rarely post with questions. Hence, you believe me to be a
                  new developer. In my 5+ years writing miva script, I haven't needed to deal
                  with this subject -- and I'm sure I'll find many other subjects in the
                  future
                  too.

                  BTW: MM is not always the best example of good programming practices and
                  you have once said, the programming of MM is quite verbose. At least I
                  think it was you. If the docs about CRYPT were
                  clear to me, I obviously would not have posted.

                  Further, Good programming documentation will always have valid
                  examples to show all the characteristics of that
                  function/modifier/etc. This command is probably a modifier or
                  something ... What var went where was not obvious for some
                  reason...maybe I needed some more caffiene. I did however need some
                  clarification as what was being done to who (whom?). The examples I
                  received helped me troubleshoot my test code I was using to verify.
                  Simple as that.

                  Regards,

                  Scott
                  IDS



                  Monday, January 10, 2005, 2:12:36 PM, you wrote:

                  IT> From: IDS
                  >> The docs really needs examples.

                  IT> In fact, Miva delivers several megabytes of examples in their Miva
                  Merchant
                  IT> code. There are, of course, also other numerous applications, both from
                  Miva
                  IT> or from 3rd parties available.

                  IT> I actually did not post the sample syntax quite deliberately, and
                  pointed to
                  IT> the source code instead. I find that young or inexperienced developers
                  are
                  IT> helped much better when they learn how to work alone, then when they get
                  IT> used screaming for help at each trivial problem and waiting for a good
                  soul
                  IT> willing to do the work of hitting the F3 key in the source code and
                  copying
                  IT> and pasting the snippet to them. Although you usually get the answer
                  from
                  IT> the list within hours or even minutes, if you learn working
                  independently
                  IT> and check available sources (documentation, source code, Google), you
                  will
                  IT> usually find it much quicker. Additionally you will remember the
                  solution
                  IT> much better, and will be able to solve more difficult tasks easier next
                  IT> time.

                  IT> I do not tell it to discourage people from posting - in fact, we old
                  IT> residents are thankful for any post on this semi-dead list (as long as
                  it
                  IT> does not ask how to unsubscribe - that's being forwarded to Crazy Tony).
                  I
                  IT> really told it because I think that if a new developer wants to become a
                  IT> good programmer, first of all he needs to learn working and thinking
                  IT> independently, and rather challenging the community with more complex
                  IT> problems.

                  IT> Ivo
                  IT> http://mivo.truxoft.com





                  IT> -----Original Message-----
                  IT> From: IDS

                  IT> Thanks, got it working now. I needed the correct syntax -- of course.
                  IT> :-)

                  IT> The docs really needs examples. Richard's email helped clarify which
                  IT> var was the source and what the result would/should be. I was able to
                  IT> recreate some test code that verified the results.

                  IT> Regards,

                  IT> Scott
                  IT> IDS

                  IT> Monday, January 10, 2005, 11:45:52 AM, you wrote:

                  RG>> On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave
                  utterance

                  RG>> to the following:

                  >>>
                  >>> Never said the manual isn't good. I said the explanation wasn't
                  >>> "clear" to me. I see no example of how to use the command for syntax
                  >>> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
                  >>> from that point of view either.
                  >>>
                  >>> What I do understand is that, with no de-crypt, and only one-way, that
                  >>> means my string, that is being evaluated, that is already 'CRYPT'ED,
                  >>> is going to be compared to some input value. For instance:
                  >>>
                  RG>> You simply encrypt the value to be tested using the same salt (which
                  can

                  RG>> be found as the first two characters of the stored encrypted value)

                  RG>> <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
                  RG>> substring(user.d.password,1,2)}"
                  RG>> <MvIF EXPR="{g.testpass EQ user.d.password}">

                  RG>> These days I use Ivo's MD5 algorithm, which is considerably stronger
                  IT> than
                  RG>> CRYPT and removes all restrictions on password length and characters.


                  Comment

                  Working...
                  X