Thats 8 bytes not bits !
If you want to use more than the first 8 bytes you will have to use another one way hash or cludge a crypto sub that splits your password into 8 byte chunks and crypts each seperately (Bad Idea). Perhaps MD5 hash would be nice, remember to add some salt to make dictionary attacks more expensive and if you store an MD5 you will have to store the salt as well (MD5 does not put it at the fromt like crypt does). Suppose you could use the MD5 of the user name as a salt, concatenate it with the password then store the MD5 of the result.
Here is your code fixed up a bit and altered to use md5 digest with MD5 of user name used as salt.
#!/usr/bin/perl use strict; use warnings; use Digest::MD5 ('md5_base64'); sub my_crypt { my ($pass, $user)=@_; my $salt = md5_base64($user); return md5_base64($salt.$pass); } print "user> "; chomp (my $user = <STDIN>); print "pass> "; chomp (my $pass = <STDIN>); my @salt = ('a'..'z', 'A'..'Z'); my $passc = my_crypt($pass, $user); open my $fh, '>>pass.pwd' or die $!; print $fh "$user\t$passc\n"; close($fh); # then i read it and check it like this: print "user> "; chomp ($user = <STDIN>); print "pass> "; chomp ($pass = <STDIN>); open $fh, '<pass.pwd' or die $!; my $matched; while(<$fh>){ next unless /^$user/; ($user, $passc) = split /\s+/, $_; if (my_crypt($pass, $user) eq $passc){ print "Matched\n"; $matched++; last; } } print "No Match\n" unless $matched; __END__ >./passtest user> random pass> test12345678 user> random pass> test12345678 Matched >rm pass.pwd >./passtest user> random pass> test12345678 user> random pass> test1234567 No Match >cat pass.pwd random 6EtC2Kp14XloIR7y4KdOQw
Cheers,
R.
In reply to Re^3: crypt help
by Random_Walk
in thread crypt help
by dave_pl
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |