And make salt less predictable.
return $res;
}
+my $salt_starter = time();
+
sub encrypt_pw {
my ($pw) = @_;
- my $time = substr(Digest::SHA::sha1_base64 (time), 0, 8);
- return crypt(encode("utf8", $pw), "\$5\$$time\$");
+ $salt_starter++;
+ my $salt = substr(Digest::SHA::sha1_base64(time() + $salt_starter + $$), 0, 8);
+
+ # crypt does not want '+' in salt (see 'man crypt')
+ $salt =~ s/\+/X/g;
+
+ return crypt(encode("utf8", $pw), "\$5\$$salt\$");
}
my $defaultData = {
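Review bot: The new salt in `encrypt_pw` is still built only from guessable inputs: the wall-clock time, a counter that itself starts at `time()`, and the process id. Because the three are added rather than concatenated, different time/counter/pid combinations can give the same sum and therefore the same salt, and the set of candidates is small for anyone who knows roughly when a password was set. Taking the salt from the OS random source, as sketched below, avoids both problems and makes `$salt_starter` and the `+` substitution unnecessary; this assumes a Unix-like host with `/dev/urandom`, which the `man crypt` reference suggests. Separately, the value of `crypt` is returned unchecked, and on a platform whose crypt lacks `$5$` support it may be undef or a failure token, so it is worth validating before it is stored.

```perl
sub encrypt_pw {
    my ($pw) = @_;

    # Salt comes from the kernel CSPRNG instead of time/pid arithmetic.
    open(my $rand_fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $got = read($rand_fh, my $raw, 8);
    close($rand_fh);
    die "short read from /dev/urandom" unless defined $got && $got == 8;

    # Map each byte onto crypt's salt alphabet [./0-9A-Za-z]; 64 symbols
    # divide 256 evenly, so masking to 6 bits introduces no bias.
    my @salt_chars = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
    my $salt = join '', map { $salt_chars[$_ & 63] } unpack('C*', $raw);

    # ... unchanged: return crypt(encode("utf8", $pw), "\$5\$$salt\$") ...
}
```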