http://qs321.pair.com?node_id=304529


in reply to Re: Ecrypting passwords
in thread Ecrypting passwords

If you put the exact same data into SHA1 (or any other reasonable hashing algorithm), the exact same hash value will come out. It's only when you have different data (even as small as one bit) that a cryptographic hash will give a different output. Non-cryptographic hashing algorithms (such as the one used by Perl's hash data structure) may produce collisions for different data, which usually need to be handled by the program in question.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated

Replies are listed 'Best First'.
Re: Re: Re: Ecrypting passwords
by neilwatson (Priest) on Nov 05, 2003 at 18:02 UTC
    I am not experiencing that :(. Consider this code example:
    # encrypts password using # SHA-1 algorithm my $sha1 = Digest::SHA1->new; # reset algorithm $sha1->hexdigest; # encrypt $salt = 1658087940; my $secret = $sha1->sha1_hex($passwd . $salt);

    Run in a shell script the hash is the same each time the salt and password are the same (as you said). However, when inserted into a web page (HTML::Mason but, on the same machine) the hash is different each time.

    Neil Watson
    watson-wilson.ca

      I suspect there is somehow a bug in how you're getting the data from the web. Try printing out the hex encoding of the orginal string before you send it to the hash function to make sure you're putting in the exact same data each time.

      ----
      I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
      -- Schemer

      : () { :|:& };:

      Note: All code is untested, unless otherwise stated

        Even if I hard code them:
        # encrypts password using # SHA-1 algorithm my $sha1 = Digest::SHA1->new; # reset algorithm $sha1->hexdigest; # encrypt $passwd = 'password'; $salt = 1658087940; my $secret = $sha1->sha1_hex($passwd . $salt);

        The hash is still different each time.

        Neil Watson
        watson-wilson.ca