Heya,
Please let me know if this question doesn't make any sense, I'm still trying to wrap my mind around it.
I'm working on a clients server that only has blowfish available for its crypt(3) functions. Ecrypting thingies in Perl doesn't seem to work - observe:
#!/usr/bin/perl my $pw = 'secret'; my $salt = 'sa'l print crypt($pw, $salt);
Should print the same encrypted pass over and over again, like, "saHW9GdxihkGQ"
But, on the blowfish-only server, it prints out things like:
$2a$04$sbKVIAQsDwhO1/am9JaVI.qr13R.8.Cn5Xxqbj6aSqcad/9z3p0Jy
Obviously, I'm doing something wrong. For one - I do not see the salt number in the string. The length is much different, but I chalk that up to the different encryption spec. The string, "$2a$04$" is always present, so I'm assuming that this is some sort of marker that tells me I'm working with a blowfish encryption.
The question is - how do I now compare this encrypted string to an unencrypted string to validate a password?
Regularly, you would just encrypt the password you want to challenge the encrypted password with (using the same salt) - if they match, you've entered the correct password.
I'm missing a step. Sort of a:
if($mySavedPassword =~ s/^\$2a\$04\$/){ # ... blowfish! }
Does anyone care to enlighten? I know about the Crypt::Blowfish module, I don't necessarily want to use it - I'm sort of asking also why Perl's crypt function isn't working as expected.
Thanks, y'all
-justin simoni
skazat me
<script language="JavaScript" src="http://quotes.prolix.nu/cgi-bin/random_quote_js.pl"> </script>
In reply to crypt and blowfish? by skazat
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |