Date: Mon, 29 Jun 1998 10:11:58 -0500 From: Jon Hamilton <hamilton@pobox.com> To: nik@iii.co.uk Cc: Dean Hollister <dean@odyssey.apana.org.au>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: HTML Password changer Message-ID: <199806291510.IAA01899@hub.freebsd.org> In-Reply-To: Your message of "Mon, 29 Jun 1998 12:13:05 BST." <19980629121305.46423@iii.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <19980629121305.46423@iii.co.uk>, nik@iii.co.uk wrote: } On Mon, Jun 29, 1998 at 06:09:22PM +0800, Dean Hollister wrote: } > I have the necessary code to encrypt the new password and so on, but what } > about decrypting the old one, and comparing to the entered one, using } > Perl? } } You don't. You encrypt the password the user entered, and then compare } the encrypted new password with the encrypted stored password. If } they match then the two 'clear' passwords are identical. It's not quite that simple, although almost. You have to be sure to use the same salt value, otherwise the unencrypted string could well be correct and still encrypt to a different encrypted string. See the crypt(3) man page for details about the salt value; you can use the first two characters of the old encrypted password string as the salt for your new call to crypt. -- Jon Hamilton hamilton@pobox.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806291510.IAA01899>