author | Jarkko Hietaniemi <jhi@iki.fi> | 2001-09-03 19:50:57 +0000 |
---|---|---|
committer | Jarkko Hietaniemi <jhi@iki.fi> | 2001-09-03 19:50:57 +0000 |
commit | 85c16d835facb3e1567f0ad453769c0d9a8da60b (patch) | |
tree | 18e98ac37b49f61765b436c2fb4fcc0f200c99a7 /pod | |
parent | 0686c0b8fd853975c64d3472ef479435ba920e0a (diff) | |
download | perl-85c16d835facb3e1567f0ad453769c0d9a8da60b.tar.gz |
Make crypt() do something more sane for Unicode
(take crypt() of the low eight bits of the characters,
instead of taking crypt() of the UTF-8 of the scalar);
add a test for crypt().
p4raw-id: //depot/perl@11852
Diffstat (limited to 'pod')
-rw-r--r-- | pod/perlfunc.pod | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index 1626f6e3a2..ebac4b7f55 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod 
@@ -806,17 +806,29 @@ extirpated as a potential munition). This can prove useful for checking the password file for lousy passwords, amongst other things. Only the guys wearing white hats should do this. -Note that C<crypt> is intended to be a one-way function, much like breaking -eggs to make an omelette. There is no (known) corresponding decrypt -function. As a result, this function isn't all that useful for +Note that C<crypt> is intended to be a one-way function, much like +breaking eggs to make an omelette. There is no (known) corresponding +decrypt function (in other words, the crypt() is a one-way hash +function). As a result, this function isn't all that useful for cryptography. (For that, see your nearby CPAN mirror.) -When verifying an existing encrypted string you should use the encrypted -text as the salt (like C<crypt($plain, $crypted) eq $crypted>). This -allows your code to work with the standard C<crypt> and with more -exotic implementations. When choosing a new salt create a random two -character string whose characters come from the set C<[./0-9A-Za-z]> -(like C<join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]>). +When verifying an existing encrypted string you should use the +encrypted text as the salt (like C<crypt($plain, $crypted) eq +$crypted>). This allows your code to work with the standard C<crypt> +and with more exotic implementations. In other words, do not assume +anything about the returned string itself, or how many bytes in +the encrypted string matter. + +Traditionally the result is a string of 13 bytes: two first bytes of +the salt, followed by 11 bytes from the set C<[./0-9A-Za-z]>, and only +the first eight bytes of the encrypted string mattered, but +alternative hashing schemes (like MD5), higher level security schemes +(like C2), and implementations on non-UNIX platforms may produce +different strings. 
+ +When choosing a new salt create a random two character string whose +characters come from the set C<[./0-9A-Za-z]> (like C<join '', ('.', +'/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]>). Here's an example that makes sure that whoever runs this program knows their own password: @@ -844,6 +856,11 @@ back. Look at the F<by-module/Crypt> and F<by-module/PGP> directories on your favorite CPAN mirror for a slew of potentially useful modules. +If using crypt() on an Unicode string (which potentially has +characters with codepoints above 255), Perl tries to make sense of +the situation by using only the low eight bits of the characters when +calling crypt(). + =item dbmclose HASH [This function has been largely superseded by the C<untie> function.] |
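Review bot: In the first hunk (@@ -806), the added paragraph beginning "Traditionally the result is a string of 13 bytes" says "only the first eight bytes of the encrypted string mattered", which puts the limit on the wrong side of the function. With the traditional scheme it is the input that is truncated: only the first eight bytes of the plaintext password affect the result, and all 13 bytes of the returned string are significant when comparing. As written, a reader could conclude that comparing a prefix of the crypted value is enough. Suggest "only the first eight bytes of the plaintext mattered", and adjusting the preceding sentence ("how many bytes in the encrypted string matter") to match. Minor style point in the same hunk: the new parenthetical uses "the crypt()" while the surrounding text uses C<crypt>; keep one form.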
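Review bot: In the second hunk (@@ -844), the new Unicode paragraph documents that only the low eight bits of each character are used but does not state the consequence: characters whose code points differ only above bit 7 become the same byte, so distinct passwords containing code points above 255 can produce identical crypt() output, and this happens silently. The paragraph should say so and recommend that callers encode the string to bytes themselves (for example as UTF-8) before calling crypt, so that the bytes being hashed are well defined and consistent between setting and checking a password. The paragraph would also be easier to find next to the salt and verification discussion than after the CPAN pointer. Wording nits: "an Unicode string" should be "a Unicode string", and crypt() should be C<crypt> as in the rest of the entry.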