Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

crypt and blowfish?

by skazat (Chaplain)
on Sep 16, 2005 at 01:31 UTC ( #492488=perlquestion: print w/replies, xml ) Need Help??

skazat has asked for the wisdom of the Perl Monks concerning the following question:

Heya,

Please let me know if this question doesn't make any sense, I'm still trying to wrap my mind around it.

I'm working on a clients server that only has blowfish available for its crypt(3) functions. Ecrypting thingies in Perl doesn't seem to work - observe:

#!/usr/bin/perl my $pw = 'secret'; my $salt = 'sa'l print crypt($pw, $salt);

Should print the same encrypted pass over and over again, like, "saHW9GdxihkGQ"

But, on the blowfish-only server, it prints out things like:

$2a$04$sbKVIAQsDwhO1/am9JaVI.qr13R.8.Cn5Xxqbj6aSqcad/9z3p0Jy

Obviously, I'm doing something wrong. For one - I do not see the salt number in the string. The length is much different, but I chalk that up to the different encryption spec. The string, "$2a$04$" is always present, so I'm assuming that this is some sort of marker that tells me I'm working with a blowfish encryption.

The question is - how do I now compare this encrypted string to an unencrypted string to validate a password?

Regularly, you would just encrypt the password you want to challenge the encrypted password with (using the same salt) - if they match, you've entered the correct password.

I'm missing a step. Sort of a:

if($mySavedPassword =~ s/^\$2a\$04\$/){ # ... blowfish! }

Does anyone care to enlighten? I know about the Crypt::Blowfish module, I don't necessarily want to use it - I'm sort of asking also why Perl's crypt function isn't working as expected.

Thanks, y'all

 

-justin simoni
skazat me

<script language="JavaScript" src="http://quotes.prolix.nu/cgi-bin/random_quote_js.pl"> </script>

Replies are listed 'Best First'.
Re: crypt and blowfish?
by PodMaster (Abbot) on Sep 16, 2005 at 03:40 UTC
    What does perl -V:.*?crypt.*? return?
    What does man crypt say on that system?

    MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
    I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
    ** The third rule of perl club is a statement of fact: pod is sexy.

      me@there>perl -V:.*?crypt.*? crypt_r_proto='0'; cryptlib=''; d_crypt='define'; d_crypt_r='undef'; i_crypt='undef';

      man crypt says,

      NAME enigma, crypt -- very simple file encryption SYNOPSIS enigma [-s] [-k] [password] crypt [-s] [-k] [password] DESCRIPTION The enigma utility, also known as crypt is a very simple encrypti +on pro- gram, working on a ``secret-key'' basis. It operates as a filter +, i.e., it encrypts or decrypts a stream of data from standard input, and + writes the result to standard output. Since its operation is fully symm +etrical, feeding the encrypted data stream again through the engine (using + the same secret key) will decrypt it. [..yadda yadda..]

      Which is strange, and goes against what I just stated about blowfish.

      Also, if you're interested:

      me@there>uname -a FreeBSD there.example.com 5.4-STABLE FreeBSD 5.4-STABLE #0: Thu Aug 25 + 08:24:24 GMT 2005 root@there.example.com:/usr/obj/usr/src/sys/PE +2850 i386

       

      -justin simoni
      skazat me

      <script language="JavaScript" src="http://quotes.prolix.nu/cgi-bin/random_quote_js.pl"> </script>

Re: crypt and blowfish?
by skazat (Chaplain) on Sep 16, 2005 at 07:33 UTC

    I think I figured it out, the salt has to be larger than, "2" - 20 characters seems to work well. The salt will then be in substr(7, 20) of the encrypted string.

    Strange. There isn't much docs in Perl's crypt about this.

     

    -justin simoni
    skazat me

    <script language="JavaScript" src="http://quotes.prolix.nu/cgi-bin/random_quote_js.pl"> </script>

      Hmm, make that 24, not 20.

       

      -justin simoni
      skazat me

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://492488]
Approved by Zaxo
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (2)
As of 2022-07-01 16:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My most frequent journeys are powered by:









    Results (99 votes). Check out past polls.

    Notices?