TStanley has asked for the wisdom of the Perl Monks concerning the following question:

I am working with Crypt::CBC and the Blowfish encryption algorithm to encrypt some passwords. However, when I check to see if the person entered the same string twice (for verification), I get an error back stating that the strings do not match, which is obvious when I print the encrypted strings out. I am using the same Crypt::CBC object to encrypt each string, so they are both being encrypted by the same key. The key in question is a hexadecimal string, 16 characters in length. Any ideas here?

#!/opt/perl5/bin/perl -w
use strict;
use Fcntl qw (:flock);
use Term::ReadKey;
use Crypt::CBC;

my $pass_file="passfile.txt";
my %Mgrs;
my $user=shift;
if($user eq "KEY"){die"Can't change that!!!!\n";}
open(FH,"$pass_file")|| &ERR("Unable to read password file");
flock(FH,LOCK_EX);
while(<FH>){
    my($mgr,$passwd,$printer) = split /\|/;
    chomp $printer;
    $Mgrs{$mgr}=[$passwd,$printer];
}
flock(FH,LOCK_UN);
close FH;
my $ck=$Mgrs{'KEY'}[0];
#debug
#print"CK is $ck\n";
if(exists $Mgrs{$user}){
    if($Mgrs{$user}[0] eq ""){
        &newpass;
    }else{
        &ERR("Incorrect username");
    }
}else{
    &ERR("Non-Existent User");
}

sub ERR{
    my $msg=shift;
    print "$msg\n";
    die;
}

sub newpass{
    print"Enter new password: ";
    ReadMode 2;
    my $p1=<STDIN>;
    chomp $p1;
    ReadMode 0;
    print "\nEnter it again (for verification): ";
    ReadMode 2;
    my $p2=<STDIN>;
    chomp $p2;
    ReadMode 0;
    print"\n";
    my $crypt=Crypt::CBC->new({'key'=>$ck,'cipher'=>'Blowfish'});
    my $d1=$crypt->encrypt_hex($p1);
    #Debug
    #print "$d1\n";
    my $d2=$crypt->encrypt_hex($p2);
    #Debug
    #print "$d2\n";
    if($d1 eq $d2){
        $Mgrs{$user}[0]= $d1;
    }else{
        &ERR("Non matching passwords.");
    }
}

TStanley
--------
The only thing necessary for the triumph of evil is for good men to do nothing -- Edmund Burke

Re: Non matching encrypted string
by Abigail-II (Bishop) on Oct 09, 2003 at 16:15 UTC
    Could it be that different seeds are being used? But why go through the trouble of comparing the encrypted passwords? Why not compare $p1 and $p2, and don't even bother with the encryption if they differ?

    Abigail

      Could it be that different seeds are being used?

      There's no point to using CBC mode if the seeds are the same :)

      So yes, the only way to do it is to check the passwords before encrypting. Which is what should have been done in the first place.

      ----
      I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
      -- Schemer

      Note: All code is untested, unless otherwise stated
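
The check the replies above recommend, as an added example that is not code from any poster in this thread: compare the two entries as plaintext, encrypt once, and verify a stored value later by decrypting it. It assumes a Crypt::CBC version that generates a fresh random salt or IV for every encrypt call, with Crypt::Blowfish installed; the key, the sample password and the helper names confirm_and_encrypt and matches_stored are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::CBC;    # assumes Crypt::Blowfish is installed as the block cipher

# Constructed sample key, not taken from the thread.
my $key = '0123456789abcdef';
my $cbc = Crypt::CBC->new(-key => $key, -cipher => 'Blowfish');

# Compare the two entries as plaintext, then encrypt once for storage.
# Returns the hex ciphertext, or nothing when the entries are empty or differ.
sub confirm_and_encrypt {
    my ($cipher, $first, $second) = @_;
    return unless defined $first && defined $second;
    return unless length $first && $first eq $second;
    return $cipher->encrypt_hex($first);
}

# Verify a later attempt against the stored hex by decrypting it.
# Re-encrypting the attempt would carry a new salt/IV and so would not
# reproduce the stored ciphertext.
sub matches_stored {
    my ($cipher, $stored_hex, $attempt) = @_;
    my $plain = eval { $cipher->decrypt_hex($stored_hex) };
    return (defined $plain && $plain eq $attempt) ? 1 : 0;
}

# Same object, same key, same plaintext: compare the two ciphertexts.
my $sample = 's3cret-example';    # constructed sample password
my $c1 = $cbc->encrypt_hex($sample);
my $c2 = $cbc->encrypt_hex($sample);
printf "ciphertexts equal:        %s\n", $c1 eq $c2 ? 'yes' : 'no';
printf "both decrypt identically: %s\n",
    $cbc->decrypt_hex($c1) eq $cbc->decrypt_hex($c2) ? 'yes' : 'no';

# The verification flow from the replies: plaintext compare first.
my $stored = confirm_and_encrypt($cbc, $sample, $sample);
printf "matching entries stored:  %s\n", defined $stored ? 'yes' : 'no';
printf "mismatch rejected:        %s\n",
    defined confirm_and_encrypt($cbc, $sample, 'typo') ? 'no' : 'yes';
printf "stored value verifies:    %s\n",
    matches_stored($cbc, $stored, $sample) ? 'yes' : 'no';
printf "wrong attempt verifies:   %s\n",
    matches_stored($cbc, $stored, 'wrong') ? 'yes' : 'no';
```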

Re: Non matching encrypted string
by sgifford (Prior) on Oct 10, 2003 at 04:02 UTC
    This works fine for me:

    #!/usr/bin/perl -w
    use strict;
    use Fcntl qw (:flock);
    use Term::ReadKey;
    use Crypt::CBC;
    use vars qw($ck);

    $ck = "0123456789abcdef";
    newpass();

    sub newpass{
        print"Enter new password: ";
        ReadMode 2;
        my $p1=<STDIN>;
        chomp $p1;
        ReadMode 0;
        print "\nEnter it again (for verification): ";
        ReadMode 2;
        my $p2=<STDIN>;
        chomp $p2;
        ReadMode 0;
        print"\n";
        my $crypt=Crypt::CBC->new({'key'=>$ck,'cipher'=>'Blowfish'});
        my $d1=$crypt->encrypt_hex($p1);
        #Debug
        print "$d1\n";
        my $d2=$crypt->encrypt_hex($p2);
        #Debug
        print "$d2\n";
        if($d1 eq $d2){
            print "Match.\n"
        }else{
            print "No match.\n"
        };
    }

    Does it work for you?