Right. Knowing the salt is half the battle in cracking the
password.
In addition to the suggestions of our fellow monks, I can add two
more points.
Use a random salt and store the password in such a way where it
will be extremely difficult for someone to obtain. Such as a
configuration file only readable by the application itself. Some
example code follows:
use strict;
my $pass;
$| = 1;
print "password: ";
chomp($pass = <STDIN>);
print crypt_pass($pass), "\n";
exit;
sub crypt_pass {
my $p = shift;
return unless $p;
my $salt = chr(65+rand(27)).chr(65+rand(27));
return crypt($p, $salt);
}
Another thing you can do is use the first two characters of the
password as the salt, then strip those two characters off before
you store it.
use strict;
my $pass;
$| = 1;
print "password: ";
chomp($pass = <STDIN>);
print crypt_pass($pass), "\n";
exit;
sub crypt_pass {
my $p = shift;
return unless $p;
crypt($p, $p) =~ /..(.*)/;
my $cpass = $1;
return $cpass;
}