Home: Perl Programming Help: Intermediate:
salt and password generation



newera
Novice

Sep 22, 2015, 5:59 AM


Views: 2304
salt and password generation

I have a PHP script that uses the following routine to generate a salt and password for new users. I also have a perl script for which I need the same routine. How do I write this for use in perl?


Code
        
$salt = substr(md5(uniqid(rand(), true)), 0, 9);
$password = escape(sha1($salt . sha1($salt . sha1($password)))


I'll be passing the $password to the routine.


FishMonger
Veteran / Moderator

Sep 22, 2015, 6:47 AM


Views: 2300
Re: [newera] salt and password generation

Start by reading the documentation for the corresponding perl functions and run a few tests. There's not always a direct one-to-one match between the results of php and perl functions, so you'll probably need to do some tweaking if you want both language routines to return the exact same password. This is especially true when writing your own custom encryption routines, like you're currently doing..

rand() - http://perldoc.perl.org/functions/rand.html
Digest::MD5 - http://search.cpan.org/~gaas/Digest-MD5-2.54/MD5.pm
Digest::SHA1 - http://search.cpan.org/~gaas/Digest-SHA1-2.13/SHA1.pm
Data::Uniqid - http://search.cpan.org/~mwx/Data-Uniqid-0.11/Uniqid.pm

I can't find an escape function on php.net, so I don't know what your escape function does and because of that, I can't provide a corresponding perl function.


(This post was edited by FishMonger on Sep 22, 2015, 6:48 AM)


newera
Novice

Sep 22, 2015, 1:11 PM


Views: 2289
Re: [FishMonger] salt and password generation

the escape should not be there.... sorry

It should read:


Code
$salt = substr(md5(uniqid(rand(), true)), 0, 9);  
$password = sha1($salt . sha1($salt . sha1($password)))


Would it be possible to call this PHP function from within my perl script? With an include maybe?


Laurent_R
Veteran / Moderator

Sep 23, 2015, 2:42 AM


Views: 2274
Re: [newera] salt and password generation

Although I don't like that too much, you could probably use the Perl backticks to call a PHP program, but probably not a specific function within a PHP program. Something like that (which should be adapted to the PHP calling conventions, which I have completely forgotten):

Code
my $password = `php php_script.php $salt`:

Then $password should contain any output provided by the PHP script.

But again, PHP is Web-oriented and a bit special in terms of calling and output conventions, there might be some additional tweaking involved, and I don't know enough about PHP to help on this side of the issue.


(This post was edited by Laurent_R on Sep 24, 2015, 5:42 AM)


FishMonger
Veteran / Moderator

Sep 23, 2015, 8:25 AM


Views: 2265
Re: [newera] salt and password generation

I am not suggesting you should do/use this; I'm just pointing you to a possible answer to your question. One which I would never use myself.

PHP::Interpreter - An embedded PHP5 interpreter
http://search.cpan.org/~aff/PHP-Interpreter-1.0.2/lib/PHP/Interpreter.pm