in reply to Re: crypt
in thread Is this use of crypt() appropriate?

I'd use

$enc_password = crypt($plain_password, $plain_password);

But this method has the problem that abcdefghi will give the same result as abcdefghij, or any password beginning with the same 8 characters.
You could use the first and the last character as salt to avoid this problem (the salt is cut to two characters anyway).

colli

Re: Re: Re: crypt
by kschwab (Vicar) on Nov 08, 2001 at 02:33 UTC
    I'm not clear on why you would do this. Once the "bad guy" figures out what you've done:
    open(DICT,"/usr/dict/words");
    while(<DICT>) {
        chomp;
        my $guess=crypt($_,$_);
        # insert some LWP code here to attack
        # the web page
        if ($it_worked) {
            print "$user: crypted password is $guess\n";
        }
    }
    close DICT;
    On the other hand, if you randomize the salt, the loop above becomes an inner loop. Then the "bad guy" has to add an outer loop that runs up to 64*64 times.
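
The random-salt alternative discussed in this thread, as an added Perl example that is not part of the original posts: it shows that a self-salted hash exposes the first two password characters in its prefix, and how to hash and verify with a random two-character salt instead. The helper names (`des_crypt`, `random_salt`, `hash_password`, `check_password`) and the sample passwords are hypothetical; it assumes the system crypt() still supports traditional DES hashes and that /dev/urandom exists.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters a traditional crypt() salt may contain.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Hypothetical helper: crypt() wrapper that fails loudly where two-character
# DES salts are unsupported (assumption: DES crypt is the variant in use).
sub des_crypt {
    my ($plain, $salt) = @_;
    my $hash = crypt($plain, $salt);
    die "crypt() does not support DES salts on this system\n"
        unless defined $hash && length($hash) == 13;
    return $hash;
}

# Hypothetical helper: two random salt characters (64*64 possible salts).
# 256 is a multiple of 64, so the modulo introduces no bias.
sub random_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 2) == 2 or die "short read from /dev/urandom";
    close $fh;
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $bytes;
}

# Hypothetical helper: hash a new password under a fresh random salt.
sub hash_password { return des_crypt($_[0], random_salt()) }

# Hypothetical helper: the stored hash begins with its own salt, so passing
# it as the salt argument reproduces the hash for a matching password.
sub check_password {
    my ($plain, $stored) = @_;
    return des_crypt($plain, $stored) eq $stored;
}

# Constructed sample password, salted with itself as in the first post.
my $self_salted = des_crypt('abcdefghi', 'abcdefghi');
print "self-salted hash: $self_salted\n";
print "hash prefix:      ", substr($self_salted, 0, 2), " (first two password characters)\n";

my ($h1, $h2) = (hash_password('abcdefghi'), hash_password('abcdefghi'));
print "random salt, first hash:  $h1\n";
print "random salt, second hash: $h2\n";
print "correct password verifies:  ", (check_password('abcdefghi', $h1) ? "yes" : "no"), "\n";
print "wrong password verifies:    ", (check_password('zzzzzzzz', $h1) ? "yes" : "no"), "\n";
# The 8-character truncation is a property of DES crypt, not of the salt.
print "10-character variant verifies: ", (check_password('abcdefghij', $h1) ? "yes" : "no"), "\n";
```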