OK, I have down loaded and unzipped the Digest-MD4-1.0 Tarball. The readme says "To build the extension, unpack this distribution under the ext/
directory of your Perl source distribution"

however the readme is kinda old as it refrences "late betas pf perl 5.002" I have 5.00503 installed and it probably needs to be updated, but I am not in a position to do that right now. Anyway I think the readme is a tad bit out of date.

However right now I am looking for a comparable directory to put this tar ball into.

Under the 5.00503 directory I did find a directory called /ExtUtils. Am I correct in assuming that this is the proper directory?

IF not does anyone out there know where to put this?

------------------
[X] YES! I'm a brain-damaged lemur on crack, and I'd like to order your software package for $459.95!

md4 uses 3 rounds, all three of which have been cryptanalised (though not all in the same manner or instance). You shouldn't be using it; use md5 instead. Besides, md5 is strongly rooted, whereas md4 is not used anywhere (due to the fact that it's weak and has been cryptanalised successfully)

perl -MCPAN -e 'install Digest::MD5'

Jeremy

will md5 generate a correct response to an S/Key auth? If not I cannot use it for the purpose I need it for.

------------------
[X] YES! I'm a brain-damaged lemur on crack, and I'd like to order your software package for $459.95!

http://lheawww.gsfc.nasa.gov/~srr/skey_info.html


The actual algorithm used by S/Key is based on either MD4 or MD5. The original implementation of S/Key used MD4, however, a weakness was discovered in this implementation of S/Key. The S/Key software was revised using the MD5 algorithm which does not have the weakness present in the MD4 implementation.


And I have to ask, why are you using S/KEY? Unix passwords, when selected well, are entirely capable of protecting your computer. Shadow passwords means that someone other than root can't see your password file; md5 hashed passwords means that crack/john the ripper/whatever other program that tries to crack passwords is ineffective (not that it would be useful in the first place, given that they have no way of acquiring the necessary hashes to test them against).

Besides, using ssh with its RSA key authorization is a better idea anyway.

jemfinch,

Tried MD5 and couln't Auth. Aparently it is looking for and MD4 password.

I am just trying to automate my Authentication on a work computer, that is why I need MD4.

I understand the security risks involved with both MD4 and automating my login.

In my world I would not use S/Key, but I am not root, so I am stuck with it.

------------------
[X] YES! I'm a brain-damaged lemur on crack, and I'd like to order your software package for $459.95!

It doesn't matter where you unpack it. The files will be installed in the proper place when you run 'perl Makefile.PL', 'make', 'make test', 'make install'.