Perl crypt() on unix
What is crypt(), and what is DES
Perl's crypt() function lets you store passwords and other sensitive data as a one-way hash rendered in printable ASCII instead of in the clear; the page calls this "encryption", but nothing is ever decrypted. Perl's crypt() is a thin wrapper around the system's crypt(3). The traditional Unix scheme is built on DES (the Data Encryption Standard), a block cipher with a 56-bit key and 16 Feistel rounds: the first eight characters of the password (seven bits each) form the key, a fixed block is encrypted 25 times with a salt-perturbed DES, and the result is printed as 11 ASCII characters behind the two salt characters. Because it is a one-way function, once a password has been hashed the original cannot be recovered from the stored string; it can only be checked by hashing a candidate the same way and comparing. Note that the scheme is weak by modern standards: characters beyond the eighth are ignored, and a 56-bit DES workload is cheap to brute-force, so a stolen hash file is still sensitive.
How to encrypt passwords on a unix system
To hash passwords on a Unix server, use Perl's crypt() function. It takes two arguments: the first is the string or password you want to hash, and the second is the salt. The result is a 13-character string whose first two characters are the salt you passed in.
use strict;
use warnings;

my %VAR;
$VAR{pass} = "mypass";
$VAR{salt} = "ab";                           # two characters from [a-zA-Z0-9./]
$VAR{pass} = crypt($VAR{pass}, $VAR{salt});  # 13-character result, begins with "ab"
print $VAR{pass}, "\n";
What is the salt
The salt is any two characters from the set a-z, A-Z, 0-9, "." and "/" (64 values, so 12 bits). It perturbs the algorithm so that the same password hashed under different salts gives different results, which defeats precomputed dictionary tables. Unix stores the salt as the first two characters of the hashed string so it can be recovered later for comparison. If you store passwords for Apache's Basic Authentication (.htaccess / .htpasswd), you therefore do not need to remember how you generated the salt: read the first two characters of the stored hash and reuse them as the salt when checking user input. On modern glibc-based systems crypt(3) also accepts a longer salt beginning with a "$id$" prefix (for example "$6$" for SHA-512) that selects a stronger algorithm; Perl's crypt() passes such salts straight through.
How to compare encrypted passwords
The key is in the salt. If you hash the form input with a salt different from the one in the stored hash, the two strings will never match, even for the correct password. The form input must be hashed with the same salt (the first two characters of the stored value) and the same crypt() routine that produced the stored password. You then compare the new hash against the stored hash for an exact match.
A good encryption method
The following method is suitable for .htaccess and non-htaccess use alike, with one rule: the salt is taken from the stored hash, not from the password the user types in. Deriving the salt from the first two characters of the typed password is a common shortcut and a mistake: the salt sits in the clear at the front of every stored hash, so it would reveal the first two characters of each password, and every password beginning with the same two letters would share a salt. Read the salt from the stored hash, hash the form input with it, and compare; the stored value itself is never re-hashed.
use strict;
use warnings;

my (%VAR, %FORM);
$FORM{pass} = "mypass";          # password typed into the login form
$VAR{pass}  = "myNSG/MN.H5b3";   # hash previously stored, e.g. in the .htpasswd file

# Take the salt from the STORED hash, not from the typed password.
$VAR{salt} = substr($VAR{pass}, 0, 2);

# Hash the form input with that salt; the stored value is not re-hashed.
$VAR{check} = crypt($FORM{pass}, $VAR{salt});

if (defined $VAR{check} && $VAR{check} eq $VAR{pass}) {
    # you're in like Flynn
    print "password accepted\n";
} else {
    print "password rejected\n";
}
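A fuller version of the same method, written here as an added example rather than code from the original page: it draws a random salt from /dev/urandom instead of a fixed string, stores the result as an htpasswd-style user:hash record, and verifies a login by taking the salt from the stored hash. The user names, passwords and records are constructed for illustration, and the script assumes a system whose crypt(3) still provides the traditional DES scheme; where it does not, crypt() returns undef, which the code checks for.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Alphabet accepted in a traditional crypt(3) salt: 64 characters, 6 bits each.
my @SALT_CHARS = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');

# Two random salt characters from the kernel CSPRNG rather than rand().
# 256 is a multiple of 64, so "ord % 64" does not bias the choice.
sub make_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 2) == 2 or die "short read from /dev/urandom";
    close $fh;
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $bytes;
}

# Hash a new password. crypt() returns undef when the system crypt(3) refuses
# the request (some modern libcs no longer provide DES), so fail loudly.
sub hash_password {
    my ($plain) = @_;
    my $hashed = crypt($plain, make_salt());
    defined $hashed
        or die "crypt() returned undef; this crypt(3) does not accept a two-character (DES) salt";
    return $hashed;
}

# Verify a login attempt. The salt is the first two characters of the
# STORED hash, never something derived from what the user just typed.
sub check_password {
    my ($plain, $stored) = @_;
    my $salt   = substr($stored, 0, 2);
    my $hashed = crypt($plain, $salt);
    return defined $hashed && $hashed eq $stored;
}

# Build an htpasswd-style "user:hash" record (hypothetical file format helper).
sub make_record {
    my ($user, $plain) = @_;
    die "user name may not contain ':'" if $user =~ /:/;
    return "$user:" . hash_password($plain) . "\n";
}

# Look a user up in a list of records and check the password; unknown users
# and malformed lines are simply denied.
sub authenticate {
    my ($user, $plain, @records) = @_;
    for my $line (@records) {
        chomp(my $rec = $line);
        my ($u, $h) = split /:/, $rec, 2;
        next unless defined $u && defined $h;
        return check_password($plain, $h) if $u eq $user;
    }
    return 0;
}

# Constructed sample data, not taken from any real system.
my @htpasswd = (
    make_record('alice', 'mypass'),
    make_record('bob',   'correct horse'),
);

print "alice / mypass:          ", (authenticate('alice', 'mypass', @htpasswd) ? "ok" : "denied"), "\n";
print "alice / wrong:           ", (authenticate('alice', 'wrong',  @htpasswd) ? "ok" : "denied"), "\n";
print "carol / anything:        ", (authenticate('carol', 'x',      @htpasswd) ? "ok" : "denied"), "\n";

# Caveat of the traditional scheme: only the first eight characters of the
# password take part in the hash, so these two attempts cannot be told apart.
print "bob / 'correct horse':   ", (authenticate('bob', 'correct horse', @htpasswd) ? "ok" : "denied"), "\n";
print "bob / 'correct ':        ", (authenticate('bob', 'correct ',      @htpasswd) ? "ok" : "denied"), "\n";
```

The last two lines print the same result because traditional DES crypt ignores everything after the eighth character; that is a property of the scheme, not a bug in the script, and it is the main reason to prefer one of the stronger algorithms the system crypt(3) offers when you are not bound to the DES format.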