Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re: Re: Ecrypting passwords

by hardburn (Abbot)
on Nov 04, 2003 at 20:28 UTC ( [id://304529]=note: print w/replies, xml ) Need Help??


in reply to Re: Ecrypting passwords
in thread Ecrypting passwords

If you put the exact same data into SHA1 (or any other reasonable hashing algorithm), the exact same hash value will come out. It's only when you have different data (even as small as one bit) that a cryptographic hash will give a different output. Non-cryptographic hashing algorithms (such as the one used by Perl's hash data structure) may produce collisions for different data, which usually need to be handled by the program in question.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated

Replies are listed 'Best First'.
Re: Re: Re: Ecrypting passwords
by neilwatson (Priest) on Nov 05, 2003 at 18:02 UTC
    I am not experiencing that :(. Consider this code example: 
    # encrypts password using
# SHA-1 algorithm
my $sha1 = Digest::SHA1->new;

# reset algorithm
$sha1->hexdigest;

# encrypt
$salt = 1658087940;
my $secret = $sha1->sha1_hex($passwd . $salt);

    [download]

    Run in a shell script the hash is the same each time the salt and password are the same (as you said). However, when inserted into a web page (HTML::Mason but, on the same machine) the hash is different each time.

    Neil Watson
    watson-wilson.ca

[reply]
[d/l]

      I suspect there is somehow a bug in how you're getting the data from the web. Try printing out the hex encoding of the orginal string before you send it to the hash function to make sure you're putting in the exact same data each time.

      ----
      I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
      -- Schemer

      : () { :|:& };:

      Note: All code is untested, unless otherwise stated

[reply]
[d/l]
        Even if I hard code them: 
        # encrypts password using
# SHA-1 algorithm
my $sha1 = Digest::SHA1->new;

# reset algorithm
$sha1->hexdigest;

# encrypt
$passwd = 'password';
$salt = 1658087940;
my $secret = $sha1->sha1_hex($passwd . $salt);

        [download]

        The hash is still different each time.

        Neil Watson
        watson-wilson.ca

[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://304529]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others taking refuge in the Monastery: (3)
As of 2024-04-19 21:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found