crypt and blowfish?by skazat (Chaplain)
|on Sep 16, 2005 at 01:31 UTC||Need Help??|
skazat has asked for the wisdom of the Perl Monks concerning the following question:
Please let me know if this question doesn't make any sense, I'm still trying to wrap my mind around it.
I'm working on a clients server that only has blowfish available for its crypt(3) functions. Ecrypting thingies in Perl doesn't seem to work - observe:
Should print the same encrypted pass over and over again, like, "saHW9GdxihkGQ"
But, on the blowfish-only server, it prints out things like:
Obviously, I'm doing something wrong. For one - I do not see the salt number in the string. The length is much different, but I chalk that up to the different encryption spec. The string, "$2a$04$" is always present, so I'm assuming that this is some sort of marker that tells me I'm working with a blowfish encryption.
The question is - how do I now compare this encrypted string to an unencrypted string to validate a password?
Regularly, you would just encrypt the password you want to challenge the encrypted password with (using the same salt) - if they match, you've entered the correct password.
I'm missing a step. Sort of a:
Does anyone care to enlighten? I know about the Crypt::Blowfish module, I don't necessarily want to use it - I'm sort of asking also why Perl's crypt function isn't working as expected.