On 2/27/07, tom arnall <[EMAIL PROTECTED]> wrote:

> how good is 'crypt()'? it seems that for small differences in the target
> string you get duplicate digests.

That's not what it's "good" at. Are you trying to use it for
checksumming or encryption, or something else it wasn't designed to
do?

> i get the following results (using
> debugger):
>
> DB<1> $f='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab'
>
> DB<2> $g='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaac'
>
> DB<3> p crypt($f,'ab')
> abBUNZY4cR2mg
> DB<4> p crypt($g,'ab')
> abBUNZY4cR2m

Yes; those two "passwords" are effectively indistinguishable, as are
infinitely many others. Many password systems impose a limit upon the
meaningful length of passwords; the limit for crypt(2) is eight
characters, I believe.

If you wish to build a new system to do password verification, I'd
recommend building it upon a modern (i.e. strong) cryptographic hash
function, and allowing passphrases longer than eight characters.

Cheers!

--Tom Phoenix
Stonehenge Perl Training
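
An added example, not part of the original message: it runs the traditional `crypt()` on two long strings that differ only in the last character, then verifies the same strings with a salted, iterated hash. PBKDF2-HMAC-SHA256 is one possible choice for the "modern hash" the reply recommends; the storage format, iteration count and sample inputs are assumptions made for this sketch.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
# PBKDF2-HMAC-SHA256 (RFC 8018), built only on the core Digest::SHA module.
sub pbkdf2_sha256 {
    my ($pass, $salt, $iter, $len) = @_;
    my $out = '';
    for (my $i = 1; length($out) < $len; $i++) {
        my $u = hmac_sha256($salt . pack('N', $i), $pass);   # U_1
        my $t = $u;
        for (2 .. $iter) {
            $u = hmac_sha256($u, $pass);                      # U_n
            $t ^= $u;                                         # bytewise string XOR
        }
        $out .= $t;
    }
    return substr($out, 0, $len);
}

# Hypothetical storage format: iterations$salt_hex$hash_hex
sub hash_password {
    my ($pass, $iter) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read for salt";
    close $fh;
    return join '$', $iter, unpack('H*', $salt),
        unpack('H*', pbkdf2_sha256($pass, $salt, $iter, 32));
}

sub verify_password {
    my ($pass, $stored) = @_;
    my ($iter, $salt_hex, $want_hex) = split /\$/, $stored;
    return 0 unless defined $want_hex && length $want_hex;
    my $want = pack 'H*', $want_hex;
    my $got  = pbkdf2_sha256($pass, pack('H*', $salt_hex), $iter, length $want);
    my $diff = 0;                              # compare every byte, no early exit
    $diff |= ord(substr $got, $_, 1) ^ ord(substr $want, $_, 1) for 0 .. length($want) - 1;
    return $diff == 0;
}

# Constructed inputs in the spirit of the post: long, differing only in the last byte.
my ($f, $g) = (('a' x 40) . 'b', ('a' x 40) . 'c');
my ($cf, $cg) = (crypt($f, 'ab'), crypt($g, 'ab'));
if (defined $cf && defined $cg && length($cf) == 13) {   # DES crypt may be disabled
    print "DES crypt collides: ", ($cf eq $cg ? "yes" : "no"), "\n";
}
my $stored = hash_password($f, 100_000);       # iteration count is an example value
print "PBKDF2 accepts \$f: ", (verify_password($f, $stored) ? "yes" : "no"), "\n";
print "PBKDF2 accepts \$g: ", (verify_password($g, $stored) ? "yes" : "no"), "\n";
```

On a system whose C library still provides the traditional DES scheme for a two-character salt, the first line reports a collision, while the PBKDF2 check accepts only the exact string that was hashed.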
