[Pgsql-ayuda] RE: [Pgsql-ayuda] passwords

From: Gunnar Wolf <gwolf(at)campus(dot)iztacala(dot)unam(dot)mx>
To: Fernando Romo <pop(at)cofradia(dot)org>
Cc: SIS Carlos Williams <cwilliams(at)via-express(dot)com>, <pgsql-ayuda(at)tlali(dot)iztacala(dot)unam(dot)mx>
Subject: [Pgsql-ayuda] RE: [Pgsql-ayuda] passwords
Date: 2002-03-18 17:30:24
Message-ID: Pine.BSO.4.33.0203181105030.11034-100000@campus.iztacala.unam.mx
Lists: pgsql-es-ayuda

> Use this Perl script, which generates passwords of the kind found in the /etc/passwd file
>
> I named the file "passgen" and I use it to generate users for CVS...
>
> ----------------------
> #!/usr/bin/perl
> srand (time());

This isn't necessary... In fact, it is inadvisable, since you are giving
your random seed a fairly predictable value. I quote a couple of
paragraphs from perldoc -f srand:

In fact, it's usually not necessary to call
"srand" at all, because if it is not called
explicitly, it is called implicitly at the first
use of the "rand" operator. However, this was not
the case in version of Perl before 5.004, so if
your script will run under older Perl versions, it
should call "srand".

Note that you need something much more random than
the default seed for cryptographic purposes.
Checksumming the compressed output of one or more
rapidly changing operating system status programs
is the usual method. For example:

srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);

If you're particularly concerned with this, see
the "Math::TrulyRandom" module in CPAN.
(...)
Frequently called programs (like CGI scripts) that
simply use

time ^ $$

for a seed can fall prey to the mathematical
property that

a^b == (a+1)^(b+1)

one-third of the time. So don't do that.

> my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 :97))";
> my $salt = sprintf("%c%c", eval $randletter, eval $randletter);
> my $plaintext = shift;
> my $crypttext = crypt ($plaintext, $salt);
> print "${crypttext}\n";
> ----------------------
> You pass it the password in quotes and it generates a ciphertext of it
> that does not repeat, e.g.:
>
> ./passgen "pelotas"
> vbGqSV2otBm8E

I prefer this version - shorter, more efficient and clearer:

#!/usr/bin/perl -w
use strict;
my $plaintext=shift;
my $crypttext = crypt($plaintext,join('', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
print "$crypttext\n";

Cheers!

--
Gunnar Wolf - gwolf(at)campus(dot)iztacala(dot)unam(dot)mx - (+52-55)5623-1118
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
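
Added example, not part of the message above or of the quoted script: a Perl illustration of the seeding point, showing that a salt derived after srand(time()) is fixed by the clock second, next to a salt read from the operating system's random source. The helper names, the sample epoch value and the use of /dev/urandom are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters allowed in a traditional two-character crypt() salt.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Salt as produced by rand() once the generator is seeded with $seed,
# which is what srand(time()) does in the quoted script.
sub salt_from_seed {
    my ($seed) = @_;
    srand($seed);
    return join '', map { $SALT_CHARS[rand @SALT_CHARS] } 1 .. 2;
}

# Salt taken from the kernel's random source, independent of rand().
# Assumption: a Unix-like system that provides /dev/urandom.
sub salt_from_urandom {
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!";
    my $got = read($fh, my $buf, 2);
    close $fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == 2;
    # 256 is a multiple of 64, so reducing each byte mod 64 adds no bias.
    return join '', map { $SALT_CHARS[$_ % 64] } unpack('C*', $buf);
}

# Constructed input: two runs that start within the same clock second.
my $same_second = 1016472624;
my @seeded = (salt_from_seed($same_second), salt_from_seed($same_second));
printf "seeded with the same second: %s %s (%s)\n", @seeded,
    $seeded[0] eq $seeded[1] ? 'identical' : 'different';

# 200 salts from /dev/urandom; the number of distinct values shows they
# do not depend on when the script was started.
my %seen;
$seen{ salt_from_urandom() } = 1 for 1 .. 200;
printf "distinct salts in 200 urandom draws: %d\n", scalar keys %seen;

# Same crypt() call as in the thread, with the salt from /dev/urandom.
my $plaintext = 'constructed-example';    # constructed sample value
my $crypttext = crypt($plaintext, salt_from_urandom());
print defined $crypttext
    ? "$crypttext\n"
    : "crypt() did not accept a two-character salt on this system\n";
```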
