in reply to Re: pure Perl SHA-256 crypt()
in thread pure Perl SHA-256 crypt()

I'm not too deep into cryptography, so please pardon my ignorance, but...

What exactly is the relation between the SHA-256 digest and the SHA-256 mode of crypt()? Is the latter just a bit of pre processing and post processing around the former?

Perl 6 - second systems done right

Replies are listed 'Best First'.
Re^3: pure Perl SHA-256 crypt()
by Anonymous Monk on Sep 05, 2011 at 14:27 UTC

    blah blah blah, I not understand question :/

[reply]
[reply]
        My understanding of the difference is a digest sum is like a fingerprint when taken on a file, an advanced checksum on the file. Whereas the crypt uses the same digest sum algorithm, but adds a salt value, to make a 1 way fingerprint of a password.
        I'm not really a human, but I play one on earth.
        Old Perl Programmer Haiku ................... flash japh
[reply]

        One could say: There is a family of crypt() functions parameterised by the embedded function (DES, Blowfish, MD5, SHA-256, etc.) that realises the desired one-way (hash) property.

        The early version of crypt() used DES to simulate a one-way (trapdoor-)function. Since the same password produces always the same crypt()-output, it would be too easy to pre-compute a lookup table (rainbow table) for a given crypt()-value to reveal the original password. Thus, as zentara said, a salt was added to the input to make lookups harder since that would require bigger tables. AFAIR, there were also some DES-related export restriction issues, that would make a non-DES version attractive.

        SHA-256 is a digest-function of its own. The SHA-256-crypt() uses this hash-function as a replacement for DES (or MD5) - and adds some more rounds, etc. to take into account, that modern computers are faster than 30 years ago.

        Recently, bcrypt() has been introduced using another embedded cryptographic function (Blowfish) with a salt and several iterations.

        In order to allow various crypt()-functions the $type$salt$crypt notation was introduced (see /etc/shadow).

        My short CPAN-research yield no implementation of SHA-256-Crypt(), but it should be feasible to implement a (not too fast) pure Perl implementation based on the modules that AM has suggested. Alternatively, it might be more useful to create an XS-wrapper around the reference implementation.

        P.S. I used the terms hash-function and one-way/trapdoor-function a little bit sloppy, real cryptographers may pardon me that.

        Update: First pure Perl draft implementation ready. Needs 15s to complete ;-) (slow as predicted)

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom