perl - What version is in use ?

                 Hello.

It is not a question about BASE64
My ISP want me to use "**SSL / TLS **port 465" or **"MD5 **port 587".
I started with **MD5 **port 587.

Question 1

/usr/lib/perl5 contains 3 different perl installations :[INDENT]/usr/lib/perl5/5.18.2
/usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl

When calling a perl module/function which version is in use ?

Question 2

I use this command

perl -MMIME::Base64 -e 'print encode_base64("some_user");' 

to get a base64 encoded user name or user password.

I would like to use this command

perl -MXXXXXX::YYYYYY -e 'print ZZZZZZZ("some_user");' 

to get a md5 encoded user name or user password.
I have tried different command flavor with no success.


     ~> perl -MDigest::MD5 -e 'print encode_base64("some_user");'
Undefined subroutine &main::encode_base64 called at -e line 1.

~> perl -MDigest::MD5 -e 'print md5_base64("some_user");'
Undefined subroutine &main::md5_base64 called at -e line 1.

~> perl -MDigest::MD5 -e 'print hmac_md5("some_user");'
Undefined subroutine &main::hmac_md5 called at -e line 1.

~> perl -MDigest::HMAC_MD5 -e 'print hmac_md5("some_user");'
Undefined subroutine &main::hmac_md5 called at -e line 1.

~> perl -MDigest::MD5 -e 'print md5_base64("some_user");'
Undefined subroutine &main::md5_base64 called at -e line 1.

~> perl -MDigest::MD5 -e 'print hmac_md5("some_user");'
Undefined subroutine &main::hmac_md5 called at -e line 1.

~> perl -MDigest::MD5 -e 'print md5("some_user");'
Undefined subroutine &main::md5 called at -e line 1.

    ~> perl -e 'use HMAC_MD5;'
Can't locate HMAC_MD5.pm in @INC (you may need to install the HMAC_MD5 module) (@INC contains: /usr/lib/perl5/site_perl/5.18.2/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.18.2 /usr/lib/perl5/vendor_perl/5.18.2/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.18.2 /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi /usr/lib/perl5/5.18.2 /usr/lib/perl5/site_perl .) at -e line 1.
BEGIN failed--compilation aborted at -e line 1.
~> perl -e 'use MD5;'
Can't locate MD5.pm in @INC (you may need to install the MD5 module) (@INC contains: /usr/lib/perl5/site_perl/5.18.2/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.18.2 /usr/lib/perl5/vendor_perl/5.18.2/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.18.2 /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi /usr/lib/perl5/5.18.2 /usr/lib/perl5/site_perl .) at -e line 1.
BEGIN failed--compilation aborted at -e line 1. 

But HMAC_MD5.pm is in “/usr/lib/perl5/vendor_perl/5.18.2/Digest”
and MD5.pm is in “/usr/lib/perl5/vendor_perl/5.18.2/x86_64-linux-thread-multi/Digest” or in “/usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/Digest”

Any help is welcome
[/INDENT]

I don’t code Perl, but the following will likely be helpful…

To list your loaded modules, you’ll also likely display the path that describes from which Perl you’re running…

https://perlmaven.com/which-perl-modules-are-loaded-in-memory

As for your other errors trying to encode, you’re fairly obviously passing something that isn’t supported when the routine errors out on line 1. You might want to look for examples and documentation for what you’re trying to do.

Last comment,
The network connections and their ports specified by your ISP look pretty standard. I don’t remember for sure at the moment how an MD5 encoded connection is supposed to work, but an SSL/TLS connection is pretty simple, if an automatic key exchange isn’t available you should only need to install an authorized certificate and use it to encrypt your connection, thereby “wrapping” your encryption around your content (You don’t need to encrypt your content further).

One other thing…
If you might want to consider installing a different openSUSE Perl, the following describes the openSUSE package naming convention…

https://en.opensuse.org/Perl

TSU

[/INDENT]
Hi
Those directories are normal, to test the perl version in use it’s;


perl -V

This will list out the perl summary, perl modules will go into vendor, I see none under site…

Try;


#!/usr/bin/perl

#qw can be one of md5, md5_hex or md5_base64
use Digest::MD5 qw(md5);

print "Digest is ", md5("username"), "
";

Hi
And as your one liner;


perl -MDigest::MD5=md5 -e 'print md5("username");'
perl -MDigest::MD5=md5_hex -e 'print md5_hex("username");'
perl -MDigest::MD5=md5_base64 -e 'print md5_base64("username");'

Thank you very much.

I have another question :
It seems that the result from MIME::Base64 and Digest::MD5=md5_base64 are different.

DIGEST=$(perl -MDigest::MD5=md5_base64 -e 'print md5_base64("username");')
print $DIGEST
FMSwa4JOxZMjk2JRf1OLKQ
DIGEST=$(perl -MMIME::Base64 -e 'print encode_base64("username");')
print $DIGEST
dXNlcm5hbWU=

Any comment ?

Happy new Year.

Hi
Happy New Year back at you :slight_smile:

Well digest is just for accessing the md5 algorithm, the mime one is for encoding/decoding base64 strings? Not sure what your expecting?


perl -MMIME::Base64=encode_base64 -e 'print encode_base64("username");'
dXNlcm5hbWU=

perl -MMIME::Base64=decode_base64 -e 'print decode_base64("dXNlcm5hbWU=");'
username

Using

perl -MMIME::Base64=encode_base64 -e 'print encode_base64("username");'

I can send my username “username” to my provider using “dXNlcm5hbWU=”

Using

perl -MDigest::MD5=md5_base64 -e 'print md5_base64("username");'

I can send my username “username” to my provider using “FMSwa4JOxZMjk2JRf1OLKQ”

So how it is decoded on isp side ?

Hi
You can’t decrypt, it’s a digest (not a cypher) and only one way. Other end I would surmise hash it further with a key.

Sorry, but English is not my mother language. I don’t understand what you try to explain.

My question is rather :
If I use “dXNlcm5hbWU=” ( perl -MMIME ) or “FMSwa4JOxZMjk2JRf1OLKQ” ( perl -MDigest ) in an encoded username/password mailx sequence with my ISP, is it equivalent.
In other words, when my Internet service provider will check that I am who I claim to be, will they succeed with either encoded methods?

Any comment is welcome.

Hi
Maybe this will help?

Your ISP doesn’t nothing except store/protect ‘your’ hash as long as what you send matches the hash stored, all is good… the hash can’t be decoded, that’s the point.

A mime type as seen can be decoded, hence not suitable…

Thank you for the link.

As my question is about a login sequence (mailx command) to a smtp server, my ISP must be able to verify that the user { “dXNlcm5hbWU=” ( perl -MMIME ) or “FMSwa4JOxZMjk2JRf1OLKQ” ( perl -MDigest ) } and the password correspond to me in their database ?
So how could he accepts my connection without knowing who is connecting ?

On Tue 05 Feb 2019 06:26:03 PM CST, jcdole wrote:

malcolmlewis;2893210 Wrote:
> Hi
> Maybe this will help?
>
> Cryptographic hash function - Wikipedia
>
> Your ISP doesn’t nothing except store/protect ‘your’ hash as long as
> what you send matches the hash stored, all is good… the hash can’t
> be decoded, that’s the point.
>
> A mime type as seen can be decoded, hence not suitable…

Thank you for the link.

As my question is about a login sequence (mailx command) to a smtp
server, my ISP must be able to verify that the user { “dXNlcm5hbWU=” (
perl -MMIME ) or “FMSwa4JOxZMjk2JRf1OLKQ” ( perl -MDigest ) } and the
password correspond to me in their database ?
So how could he accepts my connection without knowing who is connecting
?

Hi
As long as the decoded username matches the hashes they store (however
the ISP does it [LDAP?]), then it will let you (or anyone who knows the
username/password) in…

Have a look at the shadow and passwd man pages (eg man 5 shadow) to see
how it’s done on your local machine.


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
SLES 15 | GNOME Shell 3.26.2 | 4.12.14-25.28-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!