in reply to understand crypt

By the way: Did you know that crypt depends on OS, OS version, and perhaps on OS configuration? Perl's crypt is just a thin wrapper around crypt(3) in the libc. The libc is free to choose ANY algorithm. So crypt("AAA","BBB") running on one system may return something completely different when running on some other system. It may even choose to completely ignore the salt parameter. And to make things even more complicated: On some systems, crypt() is either not implemented at all (like Android) or it depends on how perl was compiled (Windows).

Further information:

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Re^2: understand crypt
by holli (Abbot) on May 31, 2019 at 15:13 UTC
    A nice overview about current hashing algorithms:
    Passwords should be hashed with either PBKDF2, bcrypt or scrypt, MD-5 and SHA-3 should never be used for password hashing and SHA-1/2(password+salt) are a big no-no as well. Currently the most vetted hashing algorithm providing most security is bcrypt.
    Digest::Bcrypt


    holli

    You can lead your users to water, but alas, you cannot drown them.

      That reads as good advice but it's from 2013 and security info that isn't extremely current should be taken with a grain of salt, as it were.

      Note from Digest::Bcrypt’s POD: While maintenance for Digest::Bcrypt will continue, there's no reason to use Digest::Bcrypt when Crypt::Eksblowfish::Bcrypt already exists. We suggest that you use Crypt::Eksblowfish::Bcrypt instead.
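Added example, not from any post in this thread: a Perl script that first probes which crypt(3) schemes the running libc actually honours (Alexander's point is that the result cannot be assumed), then hashes and verifies a password with Crypt::Eksblowfish::Bcrypt as holli and the follow-up recommend. Assumptions: an unsupported scheme makes Perl's crypt return undef or a hash without the requested prefix, /dev/urandom is readable, and the module is installed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Probe which crypt(3) schemes this libc honours. Never assume: an
# unsupported scheme yields undef or a hash lacking the requested prefix
# (assumption about how the platform's crypt(3) signals "unsupported").
sub probe_crypt {
    my ($pw) = @_;
    my %probe = (
        'DES'     => 'ab',             # traditional two-character salt
        'MD5'     => '$1$saltsalt$',
        'SHA-256' => '$5$saltsalt$',
        'SHA-512' => '$6$saltsalt$',
    );
    my %supported;
    for my $name (sort keys %probe) {
        my $salt   = $probe{$name};
        my $hash   = eval { crypt($pw, $salt) };   # eval: crypt may be unimplemented
        my $prefix = $salt =~ /^(\$\d\$)/ ? $1 : '';
        $supported{$name} = (defined $hash
            && ($prefix ? index($hash, $prefix) == 0 : length($hash) == 13)) ? 1 : 0;
    }
    return \%supported;
}

# Hash with bcrypt: cost 12 (2^12 rounds) and 16 random salt bytes.
sub bcrypt_password {
    my ($pw, $cost) = @_;
    $cost //= 12;
    open my $rnd, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($rnd, my $salt, 16) == 16 or die "short read from urandom";
    close $rnd;
    return bcrypt($pw, sprintf('$2a$%02d$%s', $cost, en_base64($salt)));
}

# Verify by re-hashing with the settings embedded in the stored hash
# (first 29 chars: scheme, cost, salt) and comparing in constant time.
sub bcrypt_verify {
    my ($pw, $stored) = @_;
    my $again = bcrypt($pw, substr($stored, 0, 29));
    return 0 if length($again) != length($stored);
    my $diff = 0;
    $diff |= ord(substr($again, $_, 1)) ^ ord(substr($stored, $_, 1)) for 0 .. length($stored) - 1;
    return $diff == 0;
}

my $sup = probe_crypt('correct horse');
printf "%-8s %s\n", $_, $sup->{$_} ? 'supported' : 'NOT supported' for sort keys %$sup;
my $hash = bcrypt_password('correct horse');
print "bcrypt: $hash\n";
print bcrypt_verify('correct horse', $hash) ? "verify ok\n" : "verify FAILED\n";
```

Run it on two different machines and compare the probe table: that difference is exactly why a stored crypt() hash is only as portable as the libc that produced it, while the bcrypt hash carries its own scheme, cost and salt.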