in reply to
Re: [blogs.perl.org credential release] How can I check the password that I used on blogs.perl.org
in thread [SOLVED][blogs.perl.org credential release] How can I check the password that I used on blogs.perl.org
Thanks Anonymous Monk. The best part, it's even spelled out in the Doc, but I didn't understand when I first read it.
When verifying an existing digest string you should use the digest as the salt (like crypt($plain, $digest) eq $digest ). The SALT used to create the digest is visible as part of the digest. This ensures crypt() will hash the new string with the same salt as the digest. This allows your code to work with the standard crypt and with more exotic implementations. In other words, assume nothing about the returned string itself nor about how many bytes of SALT may matter.