comment on

If I understood your question well, you simply read the encrypted password back and use the first two characters as the salt for encrypting the password you've just read.

Then you compare them, if they match, the password is correct. Bummer otherwise.

Warning: the salt is there because it gives 4096 different ways to encrypt the same password, so it makes it lengthy to try a dictionary attack with pre-encrypted passwords. If (as it in your case) the salt is easily predictable, somebody might find it easier to try a dictionary attack on your encrypted password, for exampl. This of course if they know how you generate salts and if tehy manage to access your encrypted data.

As a rule of thumb, it's much better to generate it from random numbers.

Have a look at this thread, or try a Super Search for more information.

In reply to Re: UNIX user authentication by trantor
in thread UNIX user authentication by Anonymous Monk

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Perl: the Markov chain saw
	PerlMonks