skazat has asked for the wisdom of the Perl Monks concerning the following question:

i finally got around in fiddling around with encrypting passwords to put in my own files, so i made this test program using the code from this discussion: 

 
<pre> 
#!/usr/bin/perl5 -w

my $password = "password"; 
print "password is $password\n\n"; 


my $encrypted_password = encrypt_passwd($password); 
print "encrypted password is $encrypted_password\n"; 


print "checking to see if $password equals password..\n\n"; 


my $checkit = (verify_passwd($encrypted_password,"password")); 
    if ($checkit eq "1") { 
    print "password passes!:\n"; 
    my $s=substr($encrypted_password,0,2);
    print(crypt("password",$s));
    print "\n\n"; 

}else{ 

    print "no, that's not it:\n"; 
    my $s=substr($encrypted_password,0,2);
    print(crypt("password",$s));
    print "\n\n"; 


} 



my $random_password = &generate_password; 
print "your daily randomly generated password: $random_password\n"; 


print "have fun everyone\n\n\n"; 

sub encrypt_passwd {
my $pw=shift;
# Seed random number generator. From Camel book p. 223.
srand ( time() ^ ($$ + ($$ << 15)) );                #best one


my @c=('a'..'z', 'A'..'Z', '0'..'9','.','/');
my $s=$c[rand(@c)].$c[rand(@c)];
return crypt($pw, $s);
}

sub verify_passwd {
my $check = 0; 
my ($epw, $pw)=@_;
my $s=substr($epw,0,2);
if($epw eq crypt($pw,$s)){ 
$check = 1; 
}


return $check; 

}



sub generate_password { 

     
my @chars = split '',
'abcdefghijkmnopqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789@#$%&*=+_<>?~
+';
     
    
        my $password;
      for(1..8){
      $password .= $chars[rand @chars];
         }
      return $password; 
      
 }
 
 
</pre>

[download]

the problem is... it doesn't work on my server! (Free BSD 3.3 i believe.. the password check will return zero, even though its quite clear that the password will check out. i've tested this on mi mac, on a solaris machine, and on a BSD machine and all come out to be true. i also noticed that on the free bsd machine, the salt is always $1 and the encrypted password is about twice as large as when tested on any other server.

whats going on here? why is the password check giving me a different encrypted string using the same seed? again, this only seems to be a problem on my Free Bsd server,
hmmm

Replies are listed 'Best First'.
Re: passwords revisited
by dempa (Friar) on Jul 13, 2000 at 11:07 UTC
    If you look up crypt in perlfunc, you'll see this: 
      When verifying an existing encrypted string you
  should use the encrypted text as the salt (like
  `crypt($plain, $crypted) eq $crypted').  This allows
  your code to work with the standard `crypt' and with
  more exotic implementations.

    [download]
    You have have used substr in your code to cut off just the salt. I don't have access to any FreeBSD box, so I can't test if this is really the problem, but I figured I should throw this in anyway just in case.

[reply]
[d/l]
Re: passwords revisited
by le (Friar) on Jul 13, 2000 at 11:38 UTC
    I'm using FreeBSD 4.0 and your script runs fine here. Don't know, where the problem is.
[reply]

Back to Seekers of Perl Wisdom