Yes, you need to use a salt and can use anything you'd like. For instance,
if you're creating an encrypted password for a user's login, you might do
something like this:
my $username = 'foo';
my $password = 'bar';
my $crypted_password = crypt($password, $username);
crypt() uses the first two characters of the second argument as the
salt. The resulting encrypted password will actually begin with these two
characters. In this example, the actual encrypted password is
'foXrpAKGo3142'. You see where the first two letters came from the salt
$username.
Now when you are checking this password for validation at some future
point, using
if (crypt($x, $real_password) eq $real_password)
the real password (from a password database or file) will be
'foXrpAKGo3142'. So when you use that as the salt in the above conditional
statement, the first two characters are again 'fo', resulting in the same
encrypted password.
So, to *CREATE* an encryption, use anything you want. To *COMPARE* an
encryption, use the real encrypted password as the salt.
-Mike
>Trying to use crypt() to encrypt a given password.
>I know how to compare a given password with an encrypted one, but to
>encrypt one myself and save it, doesn't work for me for some reason.
>You would say, Ah of course forgotten to give your encryption key. That's
>right which one uses apache/Unix/etc ??
>
>So what it is all about probably is this :
>
> my $crpw = crypt("$pw", "What key ????");
>
>Hope for your help !
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
