From owner-freebsd-questions  Mon Jun 29 08:10:41 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA01931
          for freebsd-questions-outgoing; Mon, 29 Jun 1998 08:10:41 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from pobox.com (zanak-2-42.mdm.mke.execpc.com [169.207.93.170])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id IAA01899
          for <freebsd-questions@FreeBSD.ORG>; Mon, 29 Jun 1998 08:10:30 -0700 (PDT)
          (envelope-from hamilton@pobox.com)
Message-Id: <199806291510.IAA01899@hub.freebsd.org>
Received: (qmail 11509 invoked from network); 29 Jun 1998 10:11:58 -0500
Received: from localhost (HELO pobox.com) (127.0.0.1)
  by localhost with SMTP; 29 Jun 1998 10:11:58 -0500
To: nik@iii.co.uk
cc: Dean Hollister <dean@odyssey.apana.org.au>,
        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: HTML Password changer 
In-reply-to: Your message of "Mon, 29 Jun 1998 12:13:05 BST."
             <19980629121305.46423@iii.co.uk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 29 Jun 1998 10:11:58 -0500
From: Jon Hamilton <hamilton@pobox.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


In message <19980629121305.46423@iii.co.uk>, nik@iii.co.uk wrote:
} On Mon, Jun 29, 1998 at 06:09:22PM +0800, Dean Hollister wrote:
} > I have the necessary code to encrypt the new password and so on, but what
} > about decrypting the old one, and comparing to the entered one, using
} > Perl?
} 
} You don't. You encrypt the password the user entered, and then compare
} the encrypted new password with the encrypted stored password. If
} they match then the two 'clear' passwords are identical.

It's not quite that simple, although almost.  You have to be sure to use
the same salt value, otherwise the unencrypted string could well be correct
and still encrypt to a different encrypted string.  See the crypt(3) man page
for details about the salt value; you can use the first two characters of
the old encrypted password string as the salt for your new call to crypt.

-- 
   Jon Hamilton  
   hamilton@pobox.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message