I am attempting to create and verify password hashes from within perl.
The easiest way I saw was to use Inline::C like this:
#!/usr/bin/env perl
use Inline C;
my $pass = 'password';
my $hash = qx(encrypt password);
chomp $hash; #get rid of pesky newline
$hash =~ s/(\$)/\\$1/gx; #replace $ with \$
my $newhash =
"\$2b\$10\$.m5VMGgV842QHnJXoob02.Kgo/ENfwRcmOgJb5h.Q.XfPxcjWyAfa";
print "hash is : $hash" . "\n";
print checkpass($pass, $hash) . "\n";
print "\n";
print "hash is : $newhash" . "\n";
print checkpass($pass, $newhash) . "\n";
print "\n";
__END__
__C__
int checkpass(const char *p, const char *h) {
printf("%s: %s\n", p, h);
return (crypt_checkpass(p, h));
}
However, the $newhash returns 0 (or good) and the $hash returns -1 (or bad).
hash is : \$2b\$10h\$9aBUQlB4hTXgt8Pao8frn.5EXiGzvJng5CpPK4uwRmQfNu2qYFEAi
password: \$2b\$10\$9aBUQlB4hTXgt8Pao8frn.5EXiGzvJng5CpPK4uwRmQfNu2qYFEAi
-1
hash is : $2b$10$.m5VMGgV842QHnJXoob02.Kgo/ENfwRcmOgJb5h.Q.XfPxcjWyAfa
password: $2b$10$.m5VMGgV842QHnJXoob02.Kgo/ENfwRcmOgJb5h.Q.XfPxcjWyAfa
0
I'm thinking most likely I would be reading the hash from a file or some
such thing and then using the method for the $hash above, but that
doesn't appear to work. I may break down and ask in more appropriate
perl question locations, but since its an OBSD function I figured I'd
ask here first, so I don't have to explain its a proper function, etc,
etc... Any thoughts?
Thanks,
Edgar
