Problem using mod_auth_mysql with AES encryption
Posted by ImageLogic, 11-25-2010, 08:41 PM

I used CPAN (Perl) Crypt::OpenSSL::AES with "Hp7YZtjVASS47kwq" as the key to encrypt passwords and put them into the "customers" table of a MySQL DB called "shows_enrollees" as "user_passwd TINYBLOB". The corresponding plain text user name went into the same DB and table unencrypted as "customer VARCHAR(15)".

I added the following to current stable release Apache's "httpd.conf":

AuthType Basic
AuthName "Customers, please log in here:"
AuthMySQLHost localhost
AuthMySQLUser accessCheck
AuthMySQLPassword check
AuthMySQLPwEncryption aes
AuthMySQLSaltField
AuthMySQLDB shows_enrollees
AuthMysqlUserTable customers
AuthMySQLNameField customer
AuthMySQLPasswordField user_passwd
AuthMySQLEnable on
require valid-user

The challenge dialog appears but rejects legitimate ID/Password combinations. This gives rise to a few questions about which the "documentation" is stone silent.

1) Is Crypt::OpenSSL::AES encryption the same as mod_auth_mysql assuming the same seed/key is used in both cases?

2) Should AuthMySQLSaltField be restated as AuthMySQLSaltField <"Hp7YZtjVASS47kwq"> -- where the seed/key is 'stringized' by quotes?

3) Have any of the readers gotten mod_auth_mysql to read AES encrypted BLOBs in a MySQL DB?

4) Crypt::OpenSSL::AES requires a precisely 16 byte password. I limited the passwords to between 4 and 16 bytes and stripped all leading blanks. Shorter passwords were padded with trailing blanks before being encrypted and put in the DB. mod_auth_mysql claims that all trailing blanks are stripped when decrypting -- and presumably before comparison. Is this true?

Any other insights into why the challenge dialog is not accepting what seem to be legitimate ID/Password pairs would be appreciated.

Regards,
Aza D. Oberman
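A check for the padding question in point 4, added here as an example and not part of the original post: it produces the blank-padded single-block ciphertext the post describes next to AES-128-ECB with PKCS#7 padding, which is what MySQL's AES_ENCRYPT() emits by default. That mod_auth_mysql's "aes" mode expects the MySQL format is an assumption, and the sample passwords are constructed.

```shell
#!/bin/sh
# Added example: compares two ways of turning a password into an AES blob.
# KEY is the 16-byte key quoted in the post; the passwords are constructed.
KEY='Hp7YZtjVASS47kwq'

# Render stdin as one continuous lowercase hex string.
hex() { od -An -v -tx1 | tr -d ' \n'; }

KEYHEX=$(printf '%s' "$KEY" | hex)

# Scheme described in the post: pad with trailing blanks to exactly one
# 16-byte block, then encrypt that block raw (cipher adds no padding).
enc_blank_padded() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 16 ] || return 1
    printf '%-16s' "$1" | openssl enc -aes-128-ecb -K "$KEYHEX" -nopad | hex
}

# AES-128-ECB with PKCS#7 padding (MySQL AES_ENCRYPT() default format).
# Assumption: this is the format mod_auth_mysql compares against.
enc_pkcs7() {
    printf '%s' "$1" | openssl enc -aes-128-ecb -K "$KEYHEX" | hex
}

# Report whether the two schemes yield the same stored blob for a password.
same_blob() {
    if [ "$(enc_blank_padded "$1")" = "$(enc_pkcs7 "$1")" ]; then
        echo match
    else
        echo differ
    fi
}

for pw in 'secret42' 'sixteen-byte-pw!'; do
    printf 'password      : %s\n' "$pw"
    printf 'blank-padded  : %s\n' "$(enc_blank_padded "$pw")"
    printf 'PKCS#7-padded : %s\n' "$(enc_pkcs7 "$pw")"
    printf 'result        : %s\n\n' "$(same_blob "$pw")"
done
```

The hex output can be compared directly with `SELECT HEX(user_passwd) FROM customers` to see which format is actually stored.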