Pathologically Eclectic Rubbish Lister | |
PerlMonks |
Re: What's the idea of different salts in crypt()?by dga (Hermit) |
on Sep 20, 2001 at 03:18 UTC ( [id://113494]=note: print w/replies, xml ) | Need Help?? |
You should not let intruders have the encrypted password text. That being said, given the speed of machines today if they have access to the full encrypted text version of your passwords its time to get new passwords and really soon. The salt makes the password string asdfghjl with salt Az look radically different from asdfghjl with salt Ay. This means that it is unlikely that 2 peoples encrypted passwords will look the same even if they have the exact same plaintext due to the randomly selected salts. It also means that a complete password reverse lookup table is 4096 times bigger than one with with no salt. You should look into the Digest::MD5 and friends which will allow passwords longer than 56 bits. Also you should keep the encoded passwords in a seperate, highly secured, file in any case.
In Section
Seekers of Perl Wisdom
|
|