Right. Knowing the salt is half the battle in cracking the
password.
In addition to the suggestions of our fellow monks, I can add two
more points.
Use a random salt and store the password in such a way where it
will be extremely difficult for someone to obtain. Such as a
configuration file only readable by the application itself. Some
example code follows:
use strict;
my $pass;
$| = 1;
print "password: ";
chomp($pass = <STDIN>);
print crypt_pass($pass), "\n";
exit;
sub crypt_pass {
my $p = shift;
return unless $p;
my $salt = chr(65+rand(27)).chr(65+rand(27));
return crypt($p, $salt);
}
Another thing you can do is use the first two characters of the
password as the salt, then strip those two characters off before
you store it.
use strict;
my $pass;
$| = 1;
print "password: ";
chomp($pass = <STDIN>);
print crypt_pass($pass), "\n";
exit;
sub crypt_pass {
my $p = shift;
return unless $p;
crypt($p, $p) =~ /..(.*)/;
my $cpass = $1;
return $cpass;
}
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|
