One could say: There is a family of crypt() functions parameterised by the embedded function (DES, Blowfish, MD5, SHA-256, etc.) that realises the desired one-way (hash) property.
The early version of crypt() used DES to simulate a one-way (trapdoor-)function. Since the same password produces always the same crypt()-output, it would be too easy to pre-compute a lookup table (rainbow table) for a given crypt()-value to reveal the original password. Thus, as zentara said, a salt was added to the input to make lookups harder since that would require bigger tables. AFAIR, there were also some DES-related export restriction issues, that would make a non-DES version attractive.
SHA-256 is a digest-function of its own. The SHA-256-crypt() uses this hash-function as a replacement for DES (or MD5) - and adds some more rounds, etc. to take into account, that modern computers are faster than 30 years ago.
Recently, bcrypt() has been introduced using another embedded cryptographic function (Blowfish) with a salt and several iterations.
In order to allow various crypt()-functions the $type$salt$crypt notation was introduced (see /etc/shadow).
My short CPAN-research yield no implementation of SHA-256-Crypt(), but it should be feasible to implement a (not too fast) pure Perl implementation based on the modules that AM has suggested. Alternatively, it might be more useful to create an XS-wrapper around the reference implementation.
P.S. I used the terms hash-function and one-way/trapdoor-function a little bit sloppy, real cryptographers may pardon me that.
Update: First pure Perl draft implementation ready. Needs 15s to complete ;-) (slow as predicted)
In reply to Re^5: pure Perl SHA-256 crypt()
by Perlbotics
in thread pure Perl SHA-256 crypt()
by autocesco
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |