Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: Ecrypting passwords

by neilwatson (Priest)
on Nov 04, 2003 at 20:19 UTC ( #304526=note: print w/replies, xml ) Need Help??


in reply to Re: Ecrypting passwords
in thread Ecrypting passwords

Something I don't understand. Perhaps someone could enlighten me?

If we encrypt the password via SHA1 and store it in database how will we compare it at login? Doesn't SHA1 encrypt the same string into a random hash each time? So if we encrypt the user given password and compare it to the stored password aren't the hashes going to be different?

If we somehow unencrypt the hashes how is that done? I don't see that mentioned in the SHA1 docs.

Sorry for being dense.

Neil Watson
watson-wilson.ca

Replies are listed 'Best First'.
Re: Re: Ecrypting passwords
by hardburn (Abbot) on Nov 04, 2003 at 20:28 UTC

    If you put the exact same data into SHA1 (or any other reasonable hashing algorithm), the exact same hash value will come out. It's only when you have different data (even as small as one bit) that a cryptographic hash will give a different output. Non-cryptographic hashing algorithms (such as the one used by Perl's hash data structure) may produce collisions for different data, which usually need to be handled by the program in question.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

      I am not experiencing that :(. Consider this code example:
      # encrypts password using # SHA-1 algorithm my $sha1 = Digest::SHA1->new; # reset algorithm $sha1->hexdigest; # encrypt $salt = 1658087940; my $secret = $sha1->sha1_hex($passwd . $salt);

      Run in a shell script the hash is the same each time the salt and password are the same (as you said). However, when inserted into a web page (HTML::Mason but, on the same machine) the hash is different each time.

      Neil Watson
      watson-wilson.ca

        I suspect there is somehow a bug in how you're getting the data from the web. Try printing out the hex encoding of the orginal string before you send it to the hash function to make sure you're putting in the exact same data each time.

        ----
        I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
        -- Schemer

        : () { :|:& };:

        Note: All code is untested, unless otherwise stated

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://304526]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2021-04-21 06:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?