in reply to [SOLVED][blogs.perl.org credential release] How can I check the password that I used on blogs.perl.org

About salt: crypt puts the salt characters as first 2 characters of the encrypted version.

Re^2: [blogs.perl.org credential release] How can I check the password that I used on blogs.perl.org
by three18ti (Monk) on Jan 23, 2014 at 12:15 UTC

    Thanks Anonymous Monk. The best part, it's even spelled out in the Doc, but I didn't understand when I first read it.

    When verifying an existing digest string you should use the digest as the salt (like crypt($plain, $digest) eq $digest ). The SALT used to create the digest is visible as part of the digest. This ensures crypt() will hash the new string with the same salt as the digest. This allows your code to work with the standard crypt and with more exotic implementations. In other words, assume nothing about the returned string itself nor about how many bytes of SALT may matter.

      Only first 2 characters of a string are used as salt by crypt ...

      perl -e '$start = q[px]; print crypt( "polka" , $_ ) . "\n" for map $start . $_ , q[] , q[a] .. q[x] , 0 .. 9' \
        | uniq
      pxtbCUVxSeD2A
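
Added example (not part of the thread or of the Perl documentation): a small checker that follows the quoted advice of passing the whole digest to crypt() as the salt, run against the digest and password from the one-liner above. The function names and the wrong guess 'waltz' are made up for illustration, and a match for 'polka' assumes the local crypt() still supports traditional DES digests.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Describe how a digest stores its salt, without assuming a single layout.
sub salt_layout {
    my ($digest) = @_;
    return "traditional DES, salt '" . substr($digest, 0, 2) . "'"
        if $digest =~ m{\A[./0-9A-Za-z]{13}\z};
    return "modular crypt format, scheme id '$1'"
        if $digest =~ m{\A\$([^\$]+)\$};
    return 'unrecognised';
}

# Returns 1 on match, 0 on mismatch, undef when this system's crypt()
# cannot process the digest's scheme (for example a libc built without
# legacy DES support, which yields undef or a '*'-prefixed failure token).
sub check_password {
    my ($plain, $digest) = @_;
    # The whole digest is the salt argument: crypt() picks out the salt
    # and scheme itself, so nothing here depends on the salt's length.
    my $computed = crypt($plain, $digest);
    return if !defined $computed || $computed =~ m{\A\*};
    return 0 if length($computed) != length($digest);
    # Compare every byte instead of stopping at the first difference.
    my $diff = 0;
    $diff |= ord(substr($computed, $_, 1)) ^ ord(substr($digest, $_, 1))
        for 0 .. length($digest) - 1;
    return $diff == 0 ? 1 : 0;
}

# Digest and matching password are the ones shown in the thread.
my $digest = 'pxtbCUVxSeD2A';
print 'layout: ', salt_layout($digest), "\n";

for my $candidate ('polka', 'waltz') {    # 'waltz' is a constructed wrong guess
    my $ok = check_password($candidate, $digest);
    printf "%-6s %s\n", $candidate,
        !defined $ok ? 'crypt() here cannot handle this scheme'
      : $ok          ? 'matches'
      :                'does not match';
}
```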