note
fokat
The friendly <tt>crypt()</tt> function that you're likely to find in any *nix operating system applies a (hopefully) cryptographically strong hashing function to the supplied password and salt. The general idea behind this is converting the cleartext password you gave it into a hash (some people use the term signature).<P>
With that hash, it is <em>computationally infeasible</em> to find a strong-enough password. What this means in layman's terms is that it is very hard to learn the original (cleartext) password out of the hash and salt that lives in <tt>/etc/passwd</tt>.<P>
I know of two common implementations of the <tt>crypt()</tt> function: the DES-based and the MD5-based. Newer systems tend to use the MD5-based <tt>crypt()</tt>, for a number of reasons.<P>
Note that the MD5-based <tt>crypt()</tt> is <b>not the same</b> as obtaining the hash of your password with <tt>Digest::MD5</tt> or similar. The algorithm used internally by the MD5-based <tt>crypt()</tt> uses a number of transformations in which the MD5 algorithm is used, but is <b>very</b> different.<P>
<tt>Crypt::PasswdMD5</tt> implements this algorithm in Perl, allowing you to reproduce the result of said <tt>crypt()</tt> functions in non-*nix systems or systems without a compatible <tt>crypt()</tt> implementation.<P>
Regards.
198592
198615
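The difference described in the post above, as an added example that is not part of the original post: it compares a plain `Digest::MD5` digest with MD5-based `crypt()` entries produced by `Crypt::PasswdMD5`, then checks a candidate password against a stored entry. The password, the salts and the helper name `check_password` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5      qw(md5_hex);
use Crypt::PasswdMD5 qw(unix_md5_crypt);

# Constructed sample values, not taken from any real system.
my $password = 'correct horse';
my @salts    = ('Xq3vR1zd', 'a8LmP0Ke');

# Plain MD5: no salt, 32 hex characters, identical for identical passwords.
my $plain = md5_hex($password);

# MD5-based crypt(): "$1$" marker, the salt, "$", then 22 characters
# from the ./0-9A-Za-z alphabet. One entry per salt.
my @entries = map { unix_md5_crypt($password, $_) } @salts;

# Hypothetical helper: check a candidate password against a stored
# "$1$salt$hash" entry by re-hashing with the salt embedded in the entry.
sub check_password {
    my ($candidate, $stored) = @_;
    my ($salt) = $stored =~ m{\A\$1\$([^\$]{1,8})\$[./0-9A-Za-z]{22}\z}
        or return 0;    # not an MD5-crypt entry at all
    my $computed = unix_md5_crypt($candidate, $salt);
    return 0 if length($computed) != length($stored);

    # Compare every character so the run time does not depend on
    # the position of the first mismatch.
    my $diff = 0;
    $diff |= ord(substr($computed, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

print "plain MD5   : $plain\n";
print "crypt entry : $_\n" for @entries;
print "same password, different salts, different entries\n"
    if $entries[0] ne $entries[1];

printf "right password       : %s\n",
    check_password($password, $entries[0]) ? 'accepted' : 'rejected';
printf "wrong password       : %s\n",
    check_password('wrong guess', $entries[0]) ? 'accepted' : 'rejected';
printf "md5_hex used as entry: %s\n",
    check_password($password, $plain) ? 'accepted' : 'rejected';
```

The author of the MD5-based `crypt()` scheme declared it no longer suitable for new password storage in 2012, so this is mainly useful for interoperating with existing `$1$` entries.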