The Perl crypt function is mainly used to check whether a correct password has been given. It lets you store sensitive information such as passwords as an encrypted string. It is based on DES (Data Encryption Standard): the traditional Unix / Linux implementation uses a symmetric-key algorithm with a 56-bit key. Today DES is considered insecure, because a 56-bit key is too small for many applications and modern systems can break traditional DES passwords. The Perl crypt function is a one-way function: you can use it to encrypt a string, but there is no equivalent decryption function. It is therefore not useful for general cryptography, because you cannot recover the information. Instead, you use it to check a password:
- first you encrypt a password with a specific salt and store it somewhere
- when a user types in a password, that is encrypted using the same salt as the stored password
- the two pieces of encrypted data are compared and if they match, the password is correct
The syntax of the Perl crypt function is as follows:
$encryptedString = crypt $string, $salt
As you can see, this function has two arguments:
- $string, the string to be encrypted
- $salt, which is used to select one encrypted version from many variations
It returns the encrypted string.
Using the DES encryption method, the salt variable can be any two characters from the set:
{ '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' }.
This set of characters is only a recommendation; you can include more characters here. The salt is stored as the first two characters of the encrypted string, so it is available for later comparisons. Small changes in $string or $salt produce large changes in the resulting encrypted string. Please note that you need to use the same salt for the stored encrypted string and for the string you want to check.
To make things clearer, let's look at an example:
#!/usr/local/bin/perl
use strict;
use warnings;
# initialize the string to be encrypted
my $psw = '1qazpoiu^^';
my $salt = 'ab';
# crypt and store the encrypted string in a variable
my $encryptedPsw = crypt $psw, $salt;
# print the encrypted password
print "$encryptedPsw\n";
# it displays: abzmCVGjNHc3M
# please note the presence of the salt at the
# beginning of the encrypted string
# read a password from STDIN
print "Your password:";
chomp (my $readPsw = <STDIN>);
# the stored string begins with the salt, so it can be passed as the salt itself
if ($encryptedPsw eq crypt ($readPsw, $encryptedPsw)) {
    print "Password OK\n";
} else {
    print "Password NOK\n";
}
Here's an example of output:
abzmCVGjNHc3M
Your password:1qazpoiu^^
Password OK
Please note that for checking the password read from STDIN we used the stored encrypted password as the salt, because this string begins with the two characters of the initial salt.
It's good practice to use random characters for the salt, as shown in the following example:
#!/usr/local/bin/perl
use strict;
use warnings;
sub encryptingPsw {
    my $psw = shift;
    my $count = shift;
    # the 64 characters allowed in a DES salt
    my @salt = ('.', '/', 'a'..'z', 'A'..'Z', '0'..'9');
    my $salt = "";
    # pick $count random characters; rand(@salt) covers all 64 indexes
    $salt .= $salt[rand(@salt)] foreach (1..$count);
    print "\$salt = $salt\n";
    crypt($psw, $salt);
}
my $encryptedPsw = encryptingPsw('ab#$cd', 4);
print "$encryptedPsw\n";
Here's an example of output:
$salt = dBli
dBubxBHYJE73E
The code begins with the body of the encryptingPsw subroutine. This subroutine has two arguments:
- the password to be encrypted
- the number of characters in the salt string
The characters of the $salt string are selected using the rand function and concatenated using the . operator. At the end of the subroutine, $salt is printed and the Perl crypt function is called to encrypt the input password with the random salt. You don't need to use the return statement explicitly, because a subroutine returns by default the value of the last executed statement – in our case the encrypted password returned by the Perl crypt function.
If you look at the output, you will notice that only the first two characters of the salt appear at the beginning of the encrypted string, because this implementation of the Perl crypt function (traditional DES) uses only the first two salt characters. If another implementation of the crypt function uses more than two salt characters, the subroutine above will still work, since it generates as many characters as you ask for.
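As an added example (not part of the tutorial), here is the store-and-check flow from the two examples above wrapped into reusable subroutines, with the salt drawn from all 64 permitted characters and a demonstration of the DES eight-character password limit. It assumes the platform's crypt() still supports traditional two-character DES salts, as the tutorial's own output does.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters permitted in a traditional DES crypt() salt.
my @SALT_CHARS = ('.', '/', '0'..'9', 'A'..'Z', 'a'..'z');

# Build a salt of $len characters (default 2, which is what DES crypt uses).
# rand() is not a cryptographic source; a real application should take its
# randomness from /dev/urandom or a CSPRNG module, the rest stays the same.
sub make_salt {
    my $len = shift || 2;
    return join '', map { $SALT_CHARS[int rand @SALT_CHARS] } (1 .. $len);
}

# Hash a new password; the returned string (salt + hash) is what you store.
sub hash_password {
    my ($plain) = @_;
    return crypt($plain, make_salt());
}

# Verify a password against a stored string. The stored string is passed
# as the salt, exactly as in the tutorial's check: crypt() reads only the
# salt characters it needs and ignores the rest.
sub check_password {
    my ($plain, $stored) = @_;
    return crypt($plain, $stored) eq $stored;
}

my $stored = hash_password('1qazpoiu^^');
print "stored:           $stored\n";
print "correct password: ", (check_password('1qazpoiu^^', $stored) ? 'OK' : 'NOK'), "\n";
print "wrong password:   ", (check_password('Xqazpoiu^^', $stored) ? 'OK' : 'NOK'), "\n";

# Caveat a defender should know: traditional DES crypt() looks at only the
# first eight characters of the password. '1qazpoiuXX' shares its first
# eight characters with '1qazpoiu^^', so it verifies as well; a longer
# password therefore gains nothing with this hash.
print "same first 8:     ", (check_password('1qazpoiuXX', $stored) ? 'OK' : 'NOK'), "\n";
```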
The next example is for a Unix/Linux platform and ensures that whoever runs this program knows their own password:
#!/usr/local/bin/perl
use strict;
use warnings;
# get the (encrypted) password of the current user from the passwd database;
# on systems with shadow passwords this field is usually 'x' unless the
# script runs as root, and the check below will then fail
my $pwd = (getpwuid($<))[1];
# turn off terminal echo while the password is typed
system "stty -echo";
print "Password: ";
chomp(my $word = <STDIN>);
print "\n";
system "stty echo";
if (crypt($word, $pwd) ne $pwd) {
    die "Sorry wrong password\n";
} else {
    print "ok, correct password\n";
}
This script begins by assigning the current user's password to the $pwd scalar variable, using the getpwuid routine. This routine takes as its argument the UID, a unique positive integer that a Unix/Linux operating system assigns to each user. In Perl, the $< special variable holds the real UID of the process. The getpwuid routine returns a list as follows:
($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire)
where the password element has index 1. So (getpwuid($<))[1] returns the password of the current user.
The system function is used first to put the terminal into 'no echo' mode; then the password is read normally. After the password has been read, the terminal is put back into 'echo' mode.
Finally, the Perl crypt function is used to check whether the password typed by the user is correct. (Unix / Linux servers use DES in order to encrypt the passwords.)