Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re: Re: Re: Ecrypting passwords

by neilwatson (Priest)
on Nov 05, 2003 at 18:02 UTC ( #304799=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Ecrypting passwords
in thread Ecrypting passwords

I am not experiencing that :(. Consider this code example:
# encrypts password using # SHA-1 algorithm my $sha1 = Digest::SHA1->new; # reset algorithm $sha1->hexdigest; # encrypt $salt = 1658087940; my $secret = $sha1->sha1_hex($passwd . $salt);

Run in a shell script the hash is the same each time the salt and password are the same (as you said). However, when inserted into a web page (HTML::Mason but, on the same machine) the hash is different each time.

Neil Watson
watson-wilson.ca

Replies are listed 'Best First'.
Re: Re: Re: Re: Ecrypting passwords
by hardburn (Abbot) on Nov 05, 2003 at 18:40 UTC

    I suspect there is somehow a bug in how you're getting the data from the web. Try printing out the hex encoding of the orginal string before you send it to the hash function to make sure you're putting in the exact same data each time.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

      Even if I hard code them:
      # encrypts password using # SHA-1 algorithm my $sha1 = Digest::SHA1->new; # reset algorithm $sha1->hexdigest; # encrypt $passwd = 'password'; $salt = 1658087940; my $secret = $sha1->sha1_hex($passwd . $salt);

      The hash is still different each time.

      Neil Watson
      watson-wilson.ca

        Sorry, there is something screwy with your system. Getting the exact same hash value for the exact same data is a design goal of any hash algorithm worth using.

        This is what I get on your code:

        $ cat test.pl #!/usr/local/bin/perl use Digest::SHA1; # encrypts password using # SHA-1 algorithm my $sha1 = Digest::SHA1->new; # reset algorithm $sha1->hexdigest; # encrypt $passwd = 'password'; $salt = 1658087940; my $secret = $sha1->sha1_hex($passwd . $salt); print "Secret: ", $secret, "\n"; $ ./test.pl Secret: c757584a6cff45409cdf716903aa363e95354860 $ ./test.pl Secret: c757584a6cff45409cdf716903aa363e95354860

        ----
        I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
        -- Schemer

        : () { :|:& };:

        Note: All code is untested, unless otherwise stated

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://304799]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (5)
As of 2021-04-20 05:23 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?