我是Perl的新手,我试图找出如何使用Crypt函数来验证用户输入的数据中存储的哈希密码。我使用以下代码使用随机生成的盐生成密码的摘要。在下一步中,我将先前生成的摘要用作加密功能和用户输入的盐。根据this链接中的信息,如果crypt函数的输出与我们先前生成的摘要相同,那么我们很好。CheckThis函数中的crypt函数使用先前生成的摘要生成不同的输出,这会导致问题。我做错了什么?非常感谢有人可以帮助我。
这是我的代码:
use strict;
use warnings;
sub HashThis {
# To generate random salt
my @temp = (0..9, 'A'..'Z', 'a'..'z');
my $salt;
$salt .= $temp[rand @temp] for 1..16;
print "\nSalt is:\t\t",$salt,"\n";
# makes digest for real password using salt
my $digest = crypt(@_, '$6$'.$salt);
return ($digest);
}
sub CheckThis {
# compares if crypt return same digest as using digest as salt for userinput
my $result;
my ($ui, $digest) = @_;
if (crypt($ui, $digest) eq $digest) {
$result = "matching";
} else {
$result = "not matching";
}
return ($result);
}
system "stty -echo";
print "\nReal password:\t\t ";
chomp(my $userpass = <STDIN>);
print "\n";
system "stty echo";
my $digest = HashThis($userpass);
print "\nDigest is:\t\t",$digest,"\n";
system "stty -echo";
print "\nTest password:\t\t ";
chomp(my $userinput = <STDIN>);
print "\n";
system "stty echo";
my $final_result = CheckThis($userinput, $digest);
print "\n",$final_result,"\n\n";
更改:
my $digest = crypt(@_, '$6$'.$salt);
至:
my $digest = crypt($_[0], '$6$'.$salt);