Thats 8 bytes not bits !
If you want to use more than the first 8 bytes you will have to use another one way hash or cludge a crypto sub that splits your password into 8 byte chunks and crypts each seperately (Bad Idea). Perhaps MD5 hash would be nice, remember to add some salt to make dictionary attacks more expensive and if you store an MD5 you will have to store the salt as well (MD5 does not put it at the fromt like crypt does). Suppose you could use the MD5 of the user name as a salt, concatenate it with the password then store the MD5 of the result.
Here is your code fixed up a bit and altered to use md5 digest with MD5 of user name used as salt.
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 ('md5_base64');
sub my_crypt {
my ($pass, $user)=@_;
my $salt = md5_base64($user);
return md5_base64($salt.$pass);
}
print "user> ";
chomp (my $user = <STDIN>);
print "pass> ";
chomp (my $pass = <STDIN>);
my @salt = ('a'..'z', 'A'..'Z');
my $passc = my_crypt($pass, $user);
open my $fh, '>>pass.pwd' or die $!;
print $fh "$user\t$passc\n";
close($fh);
# then i read it and check it like this:
print "user> ";
chomp ($user = <STDIN>);
print "pass> ";
chomp ($pass = <STDIN>);
open $fh, '<pass.pwd' or die $!;
my $matched;
while(<$fh>){
next unless /^$user/;
($user, $passc) = split /\s+/, $_;
if (my_crypt($pass, $user) eq $passc){
print "Matched\n";
$matched++;
last;
}
}
print "No Match\n" unless $matched;
__END__
>./passtest
user> random
pass> test12345678
user> random
pass> test12345678
Matched
>rm pass.pwd
>./passtest
user> random
pass> test12345678
user> random
pass> test1234567
No Match
>cat pass.pwd
random 6EtC2Kp14XloIR7y4KdOQw
WARNING
Crypto is famous for subtle bugs. I give no promise that this algorithm is in any way secure but having said that I can see no obvious problems with it.
Cheers,
R.
Pereant, qui ante nos nostra dixerunt!
|