On Thu, 11 Jun 1998, Joseph Durbin wrote:

>  char salt[2]="ab";

To improve the complexity of the algorithm (I think by a factor of 4096),
you should randomize the salt.

The algorithm I usually use in Perl is the one included in the software
makepasswd (written in Perl too). It should be trivial to port it to C.

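sub crypt_passwd
{
        # The 64 characters allowed in a traditional crypt() salt.
        my $allowed_salt =
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
        # Seed the generator from the time and the process id.
        srand(time ^ $$);
        # Pick one of the 64 * 64 = 4096 possible two-character salts.
        my $n = int(rand(4096));
        my $first = $n >> 6;
        my $second = $n % 64;
        my $salt = substr($allowed_salt, $first, 1)
                 . substr($allowed_salt, $second, 1);
        return crypt($_[0], $salt);
}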

Andrea[s] Arcangeli
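
A C port of the salt selection described above, as an added example that is not part of the original message. It assumes /dev/urandom is available and draws the 12 bits from it rather than from srand(time ^ $$); the function names are hypothetical, and the optional crypt() call assumes glibc's <crypt.h> and linking with -lcrypt.

```c
#include <stdio.h>
#include <string.h>
#ifdef USE_CRYPT            /* build: cc -DUSE_CRYPT salt.c -lcrypt */
#include <crypt.h>          /* assumption: glibc */
#endif

static const char allowed_salt[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";

/* Map n in 0..4095 to a two-character salt, as the Perl code does.
 * out needs 3 bytes: crypt() expects a NUL-terminated string. */
int salt_from_index(unsigned n, char out[3])
{
    if (n >= 4096)
        return -1;
    out[0] = allowed_salt[n >> 6];
    out[1] = allowed_salt[n % 64];
    out[2] = '\0';
    return 0;
}

/* Pick a salt from 12 bits of kernel randomness (assumption: /dev/urandom
 * exists) instead of srand(time ^ pid). Returns 0 on success. */
int random_salt(char out[3])
{
    unsigned char b[2];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(b, 1, sizeof b, f);
    fclose(f);
    if (got != sizeof b)
        return -1;
    /* 12 bits give 4096 equally likely values, so there is no modulo bias. */
    return salt_from_index(((b[0] << 8) | b[1]) & 0x0fff, out);
}

int main(void)
{
    char salt[3];
    if (random_salt(salt) != 0)
        return 1;
    printf("salt: %s\n", salt);
#ifdef USE_CRYPT
    /* Constructed sample password, for illustration only. */
    printf("hash: %s\n", crypt("constructed-sample-password", salt));
#endif
    return 0;
}
```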
