crypted password digests have the salt tacked onto the front in plain text, like this:
$ perl -e'print crypt("glaummer", "es"), $/'
esWBuiGT4AQcA
$
All you need to do is capture the salt with my $salt = substr $digest, 0, 2; , then crypt away.
Update: Fixed typo in code (s/crupt/crypt/) ++rob_au for the spot.
After Compline,
Zaxo
| [reply]
[d/l] |
Hi.
The salt is similar to an identifier. I've heard specific algorithms use specfic salts. I could be mistaken, but I believe perl uses either 3DES or DES. The first two characters comprise the salt used when the crypt function was called initially. When you perform some action that calls the crypt function ( such as login or su ), it extracts the first two characters ( the salt ), and attempts to 're-hash' your password with the following function:
if (crypt( $data, $hashed_text) eq $hashed_text )
// additional code here.
Since you are hopefully using the same password, and since the crypt() function is using the same salt, it should create the same hashed string again. If these two conditions are true, they will match and..success!
Sample run:
#!/usr/bin/perl -w
use strict;
my $data = "Perlmonks!";
$data = crypt( $data, "hj" );
print $data, "\n";
#Results in...
C:\perl>perl crypt_test.pl
hjCQi34Qt4uGE
C:\perl>
As you can see, the salt ( "hj" ) can be found at the beginning of the string.
If you wanted to incorporate this into an application, you could do something like this:
#!/usr/bin/perl -w
use strict;
my $password;
my $salt;
print "Please enter password: ";
chomp( $password = <STDIN> );
print "Enter two-char salt: ";
chomp( $salt = <STDIN> );
$password = crypt( $password, $salt );
# Then to 'verify' the authenticity, use
# the value of $password you obtained earlier.
print "Please enter your password: ";
chomp( my $guess = <STDIN> );
print "Imposter!" if( crypt($guess, $password) ne $password);
I hope this helps,
-Katie a.k.a. DigitalKitty
| [reply]
[d/l]
[select] |
The salt is similar to an identifier.
kinda. The salt is more like a pointer into a set
of "hashed" values (not hash as in perl hash
but hash
as in hash function). The whole purpose of salt is
to prevent dictionary attacks by creating a much larger
pool of hashed passwords from the same plaintext.
I've heard specific algorithms use specfic salts
Somewhat true. For some versions of the crypt function, the format of the hashed value is different based on the algorithm (YMMV):
Standard DES-based encryption has a two character salt
Extended DES-based encryption has a nine character salt
MD5 encryption has a twelve character salt starting with $1$
Blowfish encryption has a sixteen character salt starting with $2$
I believe perl uses either 3DES or DES.
Possibly. It may
be DES,
Extended DES,
MD5,
Blowfish
or whatever else your c library crypt provides.
For great reading about the crypt function and salt, check out Robert Morris and Ken Thompson's seminal work - Password Security: A Case History (
Communications of the ACM, 22(11):594-597, November 1979).
Here's a
google cache link
-derby | [reply] |
I could be mistaken, but I believe perl uses either 3DES or DES.
From 'perldoc -f crypt': Encrypts a string exactly like the crypt(3) function in the C library.
So actually Perl depends on system library (aka libc on Unix systems) here. I've seen crypt to return MD5 hashes on some systems.
--
Ilya Martynov
(http://martynov.org/)
| [reply] |
Yes, you are right. Thats why the salt is part of the
hashed password - so you can use the saved salt with
the supplied password. Check out this node for
more info on salt(s) and why it's used.
-derby | [reply] |
But if you're checking that crypt($password) matches the crypt($password) you've saved previously, and you use a different salt, it won't match, surely?
I don't know a lot about it either, but this seems to be correct.
use strict ;
my @n = qw( xx xy yx yy ) ;
my @m = @n ;
foreach my $outer ( @n )
{
foreach my $inner ( @m )
{
print crypt( 'perlmonk', $inner ) eq crypt( 'perlmonk', $outer
+ ) ?
'1' : '0' ;
}
print "\n" ;
}
gives you this:
1000
0100
0010
0001
_______________
D
a
m
n
D
i
r
t
y
A
p
e
Home Node
|
Email
| [reply]
[d/l]
[select] |