in reply to Re^2: encryption confusion
in thread encryption confusion

I appreciate how it is done on *nix. It seemed appropriate to KISS in this case. Oh, all right I was just too lazy to offer more detail. Here is a half decent implementation that uses pseudorandom salts.....

    sub crypt_pass {
        my ( $pass ) = @_;
        my @chars = ( 'A'..'Z','a'..'z',0..9,'.','/' );
        my $salt = $chars[rand(64)].$chars[rand(64)];
        return crypt( $pass, $salt );
    }

    sub check_pass {
        my ( $pass, $hashed ) = @_;
        my $salt = substr $hashed, 0, 2;   # salt is first two chars of hash string
        return crypt( $pass, $salt ) eq $hashed ? 1 : 0;
    }

    for(1..10) {
        my $crypted = crypt_pass( 'japh' );
        printf "%s\t%d\t%d\n", $crypted, check_pass( 'japh', $crypted ), check_pass( '!japh', $crypted );
    }

    __DATA__
    MUNh4wMD2XmEM   1   0
    3mGrf7lP7OtZc   1   0
    oK7ccq5AtY1xI   1   0
    .yrauX5ySsKTc   1   0
    zW39UkBxi2jPo   1   0
    jEzvJ.irRskvo   1   0
    fz54UpRw0TZWc   1   0
    a0NMpS2IufmzQ   1   0
    wLjbdTPPxpwd.   1   0
    WeMtUMzGuNWoc   1   0

cheers

tachyon

Re^4: encryption confusion
by bgreenlee (Friar) on Aug 20, 2004 at 08:50 UTC

    I actually ran into a strange bug some time ago (under Apache 1.3.23) where if the salt I generated consisted of the same two characters (e.g. 'aa'), it wouldn't work under htpasswd. So here's the code I used:

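        # 64-character salt alphabet for crypt()
        my @salt_chars = ( 'a'..'z', 'A'..'Z', 0..9, '.', '/' );
        my $salt1 = $salt_chars[ int( rand @salt_chars ) ];
        my $salt2 = $salt_chars[ int( rand @salt_chars ) ];
        # redraw the second character until it differs from the first
        while ( $salt2 eq $salt1 ) {
            $salt2 = $salt_chars[ int( rand @salt_chars ) ];
        }
        my $salt = $salt1 . $salt2;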

    I'm not sure if this is still an issue; you might want to test it out on your system.

    -b
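
One way to run the "test it out on your system" check for doubled salts, as an added example that is not part of either post. It exercises only the local crypt() call, not htpasswd or Apache, and the helper name salt_round_trips is hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same 64-character salt alphabet as the posts above.
my @salt_chars = ( 'a'..'z', 'A'..'Z', 0..9, '.', '/' );

# Hash a password with the given salt, then verify it the way check_pass()
# does: take the salt back out of the first two characters of the hash.
sub salt_round_trips {
    my ( $salt, $pass ) = @_;
    my $hashed = crypt( $pass, $salt );

    # Some current libcs disable traditional DES crypt and return undef
    # or a short failure token instead of a 13-character hash.
    return ( 0, 'crypt() returned no DES hash' )
        unless defined $hashed && length $hashed == 13;
    return ( 0, "hash does not start with salt: $hashed" )
        unless substr( $hashed, 0, 2 ) eq $salt;

    my $again = crypt( $pass, substr( $hashed, 0, 2 ) );
    return ( 0, 'right password rejected' )
        unless defined $again && $again eq $hashed;

    my $wrong = crypt( "!$pass", $salt );
    return ( 0, 'wrong password accepted' )
        if defined $wrong && $wrong eq $hashed;

    return ( 1, $hashed );
}

my $pass = 'japh';    # constructed test password, as in the first post
my @failed;
for my $c (@salt_chars) {
    my ( $ok, $detail ) = salt_round_trips( "$c$c", $pass );
    push @failed, "$c$c: $detail" unless $ok;
}

if (@failed) {
    print "doubled salts that failed:\n", map { "  $_\n" } @failed;
}
else {
    printf "all %d doubled salts round-trip through crypt()\n",
        scalar @salt_chars;
}
```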