hwg-techniques archives Feb 2000 new search results previous next

Re: Automatic passwd creation?

by "Peter Newton" <c-newton(at)ihug.co.nz>

 Date:  Wed, 9 Feb 2000 11:13:05 +1300
 To:  <hwg-techniques(at)hwg.org>
 References:  wv
  todo: View Thread, Original 
Thanks Paul and Susan,

 I've found the solution I need, To complete the thread I 
thought I'de post it. Infact you were right paul Perl does
have a suitable method for this and its called exactly the
same thing ie:-

crypt($passwd,$salt);

and returns a 13 character alpha numeric case sensitive 
encrypted string. One way to use this could be like so:-

$encryption= crypt ($passwd,$username);

$passwd is any string you want to use for for passwd.
$salt stirs up the pot so that you can get different
encrypted results from the same passwd.

Simply save the $encryption into the database and
while you cannot find out easily what the password is you 
can easily verify whether the user knows his/her own
passwd or not.

Also this is ideal because their is no uncrypt option so 
that it is not easy now to find out what the passwd is.

nb this method is not implemented under the windows 
version of perl.

Many thanks
Peter Newton




 Well, now I'm a unix guy, and I happen to like C, but you could just as
> well wrap this up into an executable and run it from Perl, and there
> very likely could be a similar set of functions in Perl.
> 
> #include unistd.h
> const char *genpass(void)
>     {
>     if((char *p = tmpnam(NULL)) == NULL)
>         {
>         printf("Couldn't get random name.  File system may be full.\n");
> 
>         exit(-1);
>         }
>     return (p = crypt(p,"Ux"));
>     }
> 
> Now to make that an executable, change 'genpass' to 'main', and run,
> call the file genpasswd.c, and run on the command line (Bash):
> 
> gcc -o genpasswd genpasswd.c
> 
> Then, just put it (~/genpasswd) where you need it, and run it with a
> system command.  It will return a random sequence of upper and lower
> case letters, numbers, and a few special chars.  The length of the
> output will always be 11 chars.  I think that's what you wanted, a
> random string to use as a passwd.  Also, to randomate a login, use the
> fist half of their e-mail, before the @.
> 
> G'day,
> Paul.
> 
>

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA