[nSLUG] Crypt in Perl

Daniel Morrison draker at gmail.com
Wed Jan 7 22:39:26 AST 2009


2009/1/7 D G Teed <donald.teed at gmail.com>:
> On Wed, Jan 7, 2009 at 5:40 PM, George N. White III <gnwiii at gmail.com>
> wrote:
>> Did you try using the encrypted password as the salt?
>
> No I did not.  Why would I use that?

The PHP people also recommend this, and say it's to ensure compatibility.

-D.

http://ca3.php.net/crypt

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
   echo "Password verified!";
}



More information about the nSLUG mailing list