Article 3269 of comp.lang.perl:
Xref: feenix.metronet.com comp.lang.perl:3269
Path: feenix.metronet.com!news.ecn.bgu.edu!wupost!cs.utexas.edu!sun-barr!koriel!male.EBay.Sun.COM!jethro.Corp.Sun.COM!eric.arnold@sun.com
From: eric.arnold@sun.com (eric.arnold )
Newsgroups: comp.lang.perl
Subject: Re: Hiding a password?
Date: 8 Jun 1993 20:45:17 GMT
Organization: Sun Microsystems, Inc.
Lines: 59
Distribution: world
Message-ID: <1v2tot$k0l@jethro.Corp.Sun.COM>
References: <rstone.739557635@cunews>
Reply-To: eric.arnold@sun.com
NNTP-Posting-Host: animus.corp.sun.com
I had to to put a password in a script a while ago. What I did was to
first encrypt the password, and then store the encrypted password in
the script. When the script ran, it compared the encrypted password
against the user input.
I needed two functions to accomplish this, "&genpasswd" and "&cmppasswd":
print "input passwd: ";
while ( <STDIN> )
{
if ( &cmppasswd( $passwd, $_ ) ) {
print "equal to last\n"; }
else {
print "not equal to last\n"; }
print "passwd=", $passwd = &genpasswd( $_ ), "\n";
print "input passwd: ";
}
sub cmppasswd {
local( $encrypted, $test ) = @_;
return ( $encrypted eq crypt( $test, $encrypted ) );
}
sub genpasswd {
local( $to_encrypt ) = @_;
local( $salt_string, $len, $salt );
$salt_string = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.";
$len = length( $salt_string );
srand( time() );
$salt = substr( $salt_string, rand($len), 1 ) . substr( $salt_string, rand($len), 1 );
return crypt( $to_encrypt, $salt );
}
If you want to put the password "topsecret" into a readable script, you
would first get the encrypted equivalent of the desired password
string:
print &genpasswd( "topsecret" ), "\n";
and you might get:
ab8erO8W0MyYo
from here you can edit it into the script like:
$inp = <STDIN>;
if ( &cmppasswd( "ab8erO8W0MyYo", $inp ) ){
# access granted ... }
I'll leave as extra credit to have the script modify itself
with the new encrypted password.
-Eric